7.1

CVE-2014-6447

Multiple vulnerabilities exist in Juniper Junos J-Web error handling that may lead to cross site scripting (XSS) issues or crash the J-Web service (DoS). This affects Juniper Junos OS 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, 12.3 before 12.3R8, 12.3X48 before 12.3X48-D10, 13.1 before 13.1R5, 13.2 before 13.2R6, 13.3 before 13.3R4, 14.1 before 14.1R3, 14.1X53 before 14.1X53-D10, 14.2 before 14.2R1, and 15.1 before 15.1R1.

Data is provided by the National Vulnerability Database (NVD)
JuniperJunos Version12.1x44 Update-
JuniperJunos Version12.1x44 Updated10
JuniperJunos Version12.1x44 Updated15
JuniperJunos Version12.1x44 Updated20
JuniperJunos Version12.1x44 Updated25
JuniperJunos Version12.1x44 Updated30
JuniperJunos Version12.1x44 Updated35
JuniperJunos Version12.1x44 Updated40
JuniperJunos Version12.1x46 Update-
JuniperJunos Version12.1x46 Updated10
JuniperJunos Version12.1x46 Updated15
JuniperJunos Version12.1x46 Updated20
JuniperJunos Version12.1x46 Updated25
JuniperJunos Version12.1x47 Update-
JuniperJunos Version12.1x47 Updated10
JuniperJunos Version12.1x47 Updated15
JuniperJunos Version12.3 Update-
JuniperJunos Version12.3 Updater1
JuniperJunos Version12.3 Updater2
JuniperJunos Version12.3 Updater3
JuniperJunos Version12.3 Updater4
JuniperJunos Version12.3 Updater5
JuniperJunos Version12.3 Updater6
JuniperJunos Version12.3 Updater7
JuniperJunos Version12.3x48 Update-
JuniperJunos Version13.1 Update-
JuniperJunos Version13.1 Updater1
JuniperJunos Version13.1 Updater2
JuniperJunos Version13.1 Updater3
JuniperJunos Version13.1 Updater4
JuniperJunos Version13.1 Updater4-s2
JuniperJunos Version13.2 Update-
JuniperJunos Version13.2 Updater1
JuniperJunos Version13.2 Updater2
JuniperJunos Version13.2 Updater3
JuniperJunos Version13.2 Updater4
JuniperJunos Version13.2 Updater5
JuniperJunos Version13.3 Update-
JuniperJunos Version13.3 Updater1
JuniperJunos Version13.3 Updater10
JuniperJunos Version13.3 Updater2
JuniperJunos Version13.3 Updater2-s2
JuniperJunos Version13.3 Updater3
JuniperJunos Version14.1 Update-
JuniperJunos Version14.1 Updater1
JuniperJunos Version14.1 Updater2
JuniperJunos Version14.1x53 Update-
JuniperJunos Version14.2 Update-
JuniperJunos Version15.1 Update-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.48% 0.619
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.1 2.8 3.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:N/I:P/A:P
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://www.securitytracker.com/id/1032846
Third Party Advisory
VDB Entry