CVE-2014-6447 Information

Description

Multiple vulnerabilities exist in Juniper Junos J-Web error handling that may lead to cross site scripting (XSS) issues or crash the J-Web service (DoS). This affects Juniper Junos OS 12.1X44 before 12.1X44-D45 12.1X46 before 12.1X46-D30 12.1X47 before 12.1X47-D20 12.3 before 12.3R8 12.3X48 before 12.3X48-D10 13.1 before 13.1R5 13.2 before 13.2R6 13.3 before 13.3R4 14.1 before 14.1R3 14.1X53 before 14.1X53-D10 14.2 before 14.2R1 and 15.1 before 15.1R1.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Reference

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10682 http://www.securitytracker.com/id/1032846

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

LOW

Base Severity

7.1