CVE-2015-3004
https://notcve.org/view.php?id=CVE-2015-3004
J-Web in Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D35, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D10, 12.3X48 before 12.3X48-D10, 12.2 before 12.2R9, 12.3 before 12.3R7, 13.2 before 13.2R6, 13.2X51 before 13.2X51-D20, 13.3 before 13.3R5, 14.1 before 14.1R3, 14.1X53 before 14.1X53-D10, and 14.2 before 14.2R1 allows remote attackers to conduct clickjacking attacks via an X-Frame-Options header. J-Web en Juniper Junos 11.4 anterior a 11.4R12, 12.1X44 anterior a 12.1X44-D35, 12.1X46 anterior a 12.1X46-D25, 12.1X47 anterior a 12.1X47-D10, 12.3X48 anterior a 12.3X48-D10, 12.2 anterior a 12.2R9, 12.3 anterior a 12.3R7, 13.2 anterior a 13.2R6, 13.2X51 anterior a 13.2X51-D20, 13.3 anterior a 13.3R5, 14.1 anterior a 14.1R3, 14.1X53 anterior a 14.1X53-D10, y 14.2 anterior a 14.2R1 permite a atacantes remotos realizar ataques de clickjacking a través de una cabecera X-Frame-Options. • http://www.securityfocus.com/bid/74017 http://www.securitytracker.com/id/1032090 https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10675 • CWE-20: Improper Input Validation •
CVE-2014-9708 – Appweb Web Server Denial Of Service
https://notcve.org/view.php?id=CVE-2014-9708
Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by "Range: x=,". Embedthis Appweb anterior a 4.6.6 y 5.x anterior a 5.2.1 permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo) a través de una cabecera de rango con un valor vacío, tal y como fue demostrado por 'Rango: x=,'. Appweb Web Server suffers from a denial of service vulnerability. • http://packetstormsecurity.com/files/131157/Appweb-Web-Server-Denial-Of-Service.html http://seclists.org/fulldisclosure/2015/Apr/19 http://seclists.org/fulldisclosure/2015/Mar/158 http://www.openwall.com/lists/oss-security/2015/03/28/2 http://www.openwall.com/lists/oss-security/2015/04/06/2 http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.securityfocus.com/archive/1/535028/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/5 • CWE-476: NULL Pointer Dereference •
CVE-2014-6382
https://notcve.org/view.php?id=CVE-2014-6382
The Juniper MX Series routers with Junos 13.3R3 through 13.3Rx before 13.3R6, 14.1 before 14.1R4, 14.1X50 before 14.1X50-D70, and 14.2 before 14.2R2, when configured as a broadband edge (BBE) router, allows remote attackers to cause a denial of service (jpppd crash and restart) by sending a crafted PAP Authenticate-Request after the PPPoE Discovery and LCP phase are complete. Los routers de la serie Juniper MX Series con Junos 13.3R3 hasta 13.3Rx anterior a 13.3R6, 14.1 anterior a 14.1R4, 14.1X50 anterior a 14.1X50-D70, y 14.2 anterior a 14.2R2, cuando son configurados como un router BBE, permiten a atacantes remotos causar una denegación de servicio (caída de jpppd y reinicio) mediante el envío de una solicitud de autenticación PAP manipulada después de que las fases PPPoE Discovery y LCP estén completadas. • http://www.securityfocus.com/bid/72070 https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10665 • CWE-20: Improper Input Validation •
CVE-2014-6384
https://notcve.org/view.php?id=CVE-2014-6384
Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D15, 12.3 before 12.3R9, 13.1 before 13.1R4-S3, 13.2 before 13.2R6, 13.3 before 13.3R5, 14.1 before 14.1R3, and 14.2 before 14.2R1 does not properly handle double quotes in authorization attributes in the TACACS+ configuration, which allows local users to bypass the security policy and execute commands via unspecified vectors. Juniper Junos 12.1X44 anterior a 12.1X44-D45, 12.1X46 anterior a 12.1X46-D25, 12.1X47 anterior a 12.1X47-D15, 12.3 anterior a 12.3R9, 13.1 anterior a 13.1R4-S3, 13.2 anterior a 13.2R6, 13.3 anterior a 13.3R5, 14.1anterior a 14.1R3, y 14.2 anterior a 14.2R1 no maneja correctamente las comillas dobles en los atributos de autorización en la configuración TACACS+, lo que permite a usuarios locales evadir la política de seguridad y ejecutar comandos a través de vectores no especificados. • http://www.securityfocus.com/bid/72077 http://www.securitytracker.com/id/1031547 https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10667 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2014-6383
https://notcve.org/view.php?id=CVE-2014-6383
The stateless firewall in Juniper Junos 13.3R3, 14.1R1, and 14.1R2, when using Trio-based PFE modules, does not properly match ports, which might allow remote attackers to bypass firewall rule. El firewall stateless en Juniper Junos 13.3R3, 14.1R1, y 14.1R2, cuando utiliza módulos PFE basado en Trio, no hace coincidir los puertos correctamente, lo que podría permitir a atacantes remotos evadir la regla del firewall. • http://www.securityfocus.com/bid/72071 http://www.securitytracker.com/id/1031549 https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10666 • CWE-17: DEPRECATED: Code •