4.3 - CVE-2014-2712

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Informations
Name	CVE-2014-2712	First vendor Publication	2014-04-14
Vendor	Cve	Last vendor Modification	2015-10-08

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score	4.3	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 10.0S25, 10.4 before 10.4R10, 11.4 before 11.4R11, 12.1 before 12.1R9, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, and 12.2 before 12.2R1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to index.php.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2712

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-79	Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type	Description	Count
Os	Juniper Junos cpe:2.3:o:juniper:junos:12.2:-:::::: cpe:2.3:o:juniper:junos:12.1x46:-:::::: cpe:2.3:o:juniper:junos:12.1x45:-:::::: cpe:2.3:o:juniper:junos:12.1x44:-:::::: cpe:2.3:o:juniper:junos:12.1:-:::::: cpe:2.3:o:juniper:junos:11.4:-:::::: cpe:2.3:o:juniper:junos:10.4:::::::* cpe:2.3:o:juniper:junos:10.0:::::::*	8

Information Assurance Vulnerability Management (IAVM)

Date	Description
2014-04-17	IAVM : 2014-A-0053 - Multiple Vulnerabilities in Juniper Network JUNOS Severity : Category I - VMSKEY : V0049589

Nessus® Vulnerability Scanner

Date	Description
2012-07-17	Name : The remote device has a cross-site scripting vulnerability. File : juniper_psn-2012-07-649.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/66767
CONFIRM	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10521
SECTRACK	http://www.securitytracker.com/id/1030058

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-02-02 01:27:11	Multiple Updates
2024-02-01 12:08:02	Multiple Updates
2023-09-05 12:25:45	Multiple Updates
2023-09-05 01:07:56	Multiple Updates
2023-09-02 12:25:44	Multiple Updates
2023-09-02 01:08:03	Multiple Updates
2023-08-12 12:28:02	Multiple Updates
2023-08-12 01:07:33	Multiple Updates
2023-08-11 12:23:53	Multiple Updates
2023-08-11 01:07:44	Multiple Updates
2023-08-06 12:23:12	Multiple Updates
2023-08-06 01:07:32	Multiple Updates
2023-08-04 12:23:15	Multiple Updates
2023-08-04 01:07:36	Multiple Updates
2023-07-14 12:23:13	Multiple Updates
2023-07-14 01:07:34	Multiple Updates
2023-03-29 01:25:06	Multiple Updates
2023-03-28 12:07:55	Multiple Updates
2022-10-11 12:20:58	Multiple Updates
2022-10-11 01:07:43	Multiple Updates
2021-05-04 12:31:02	Multiple Updates
2021-04-22 01:37:36	Multiple Updates
2020-05-23 00:40:39	Multiple Updates
2019-04-16 12:05:42	Multiple Updates
2016-04-27 00:37:46	Multiple Updates
2015-10-08 21:23:00	Multiple Updates
2015-05-14 09:26:18	Multiple Updates
2014-04-19 13:25:00	Multiple Updates
2014-04-18 21:24:39	Multiple Updates
2014-04-15 17:20:46	Multiple Updates
2014-04-15 13:23:36	First insertion

Type	Count
CWE ID(s)	1
CPE ID(s)	8
Sources(s)	3
IAVM(s)	1
Nessus® Exploit(s)	1

4.3 - CVE-2014-2712

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Information Assurance Vulnerability Management (IAVM)

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU