CVE-2014-6447

HIGH

Juniper Junos OS Multiple Versions - XSS and DoS in J-Web Error Handling

Title source: llm

Description

Multiple vulnerabilities exist in Juniper Junos J-Web error handling that may lead to cross site scripting (XSS) issues or crash the J-Web service (DoS). This affects Juniper Junos OS 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, 12.3 before 12.3R8, 12.3X48 before 12.3X48-D10, 13.1 before 13.1R5, 13.2 before 13.2R6, 13.3 before 13.3R4, 14.1 before 14.1R3, 14.1X53 before 14.1X53-D10, 14.2 before 14.2R1, and 15.1 before 15.1R1.

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10682

Third Party Advisory, VDB Entry x_refsource_misc

http://www.securitytracker.com/id/1032846

Scores

CVSS v3 7.1

EPSS 0.0047

EPSS Percentile 65.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Details

CWE

CWE-79

Status published

Products (12)

juniper/junos 12.1x44 (8 CPE variants)

juniper/junos 12.1x46 (5 CPE variants)

juniper/junos 12.1x47 (3 CPE variants)

juniper/junos 12.3 (8 CPE variants)

juniper/junos 12.3x48

juniper/junos 13.1 (6 CPE variants)

juniper/junos 13.2 (6 CPE variants)

juniper/junos 13.3 (6 CPE variants)

juniper/junos 14.1 (3 CPE variants)

juniper/junos 14.1x53

... and 2 more

Published Feb 11, 2020

Tracked Since Feb 18, 2026