Junos J-Web XSS Vulnerability Network Vulnerability

Summary

Cross-Site Scripting Vulnerability in J-Web.

Impact

Remote attackers can inject arbitrary web script or HTML to index.php.

Solution

New builds of Junos OS software are available from Juniper. As a workaround disable J-Web..

Insight

J-Web is vulnerable to a cross-site scripting injection. Parameters passed as arguments to index.php can result in the execution of scripting tags within the user's browser.

Affected

Junos OS 10.0, 10.4, 11.4, 12.1 and 12.2.

Detection

Check the OS build.

References

http://kb.juniper.net/JSA10521
http://www.securityfocus.com/bid/66767

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-2712
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Junos flowd Buffer Overflow Vulnerability
Junos Exclusive Edit Mode Privilege Escalation Vulnerability
Junos IPv6 to IPv4 Translating Denial of Service Vulnerability
Junos Privilege Escalation Vulnerability
Junos Security Issue whith Proxy ARP Enabled

Take action and discover your vulnerabilities