Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2016-1261
HistoryOct 13, 2017 - 5:29 p.m.

CVE-2016-1261

2017-10-1317:29:00
CWE-352
[email protected]
web.nvd.nist.gov
17
2
cve-2016-1261
j-web
input validation
csrf
dos
nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.8%

JSON

J-Web does not validate certain input that may lead to cross-site request forgery (CSRF) issues or cause a denial of J-Web service (DoS).

Affected configurations

NVD
Node
juniperjunosMatch12.1x44-
OR
juniperjunosMatch12.1x44d10
OR
juniperjunosMatch12.1x44d15
OR
juniperjunosMatch12.1x44d20
OR
juniperjunosMatch12.1x44d25
OR
juniperjunosMatch12.1x44d30
OR
juniperjunosMatch12.1x44d35
OR
juniperjunosMatch12.1x44d40
OR
juniperjunosMatch12.1x44d45
OR
juniperjunosMatch12.1x44d50
OR
juniperjunosMatch12.1x46-
OR
juniperjunosMatch12.1x46d10
OR
juniperjunosMatch12.1x46d15
OR
juniperjunosMatch12.1x46d20
OR
juniperjunosMatch12.1x46d25
OR
juniperjunosMatch12.1x46d30
OR
juniperjunosMatch12.1x46d35
OR
juniperjunosMatch12.1x46d40
OR
juniperjunosMatch12.1x47-
OR
juniperjunosMatch12.1x47d10
OR
juniperjunosMatch12.1x47d15
OR
juniperjunosMatch12.1x47d20
OR
juniperjunosMatch12.1x47d25
OR
juniperjunosMatch12.3-
OR
juniperjunosMatch12.3r1
OR
juniperjunosMatch12.3r2
OR
juniperjunosMatch12.3r3
OR
juniperjunosMatch12.3r4
OR
juniperjunosMatch12.3r5
OR
juniperjunosMatch12.3r6
OR
juniperjunosMatch12.3r7
OR
juniperjunosMatch12.3r8
OR
juniperjunosMatch12.3r9
OR
juniperjunosMatch12.3x48d10
OR
juniperjunosMatch12.3x48d15
OR
juniperjunosMatch12.3x48d25
OR
juniperjunosMatch13.2x51-
OR
juniperjunosMatch13.2x51d15
OR
juniperjunosMatch13.2x51d20
OR
juniperjunosMatch13.2x51d21
OR
juniperjunosMatch13.2x51d25
OR
juniperjunosMatch13.2x51d26
OR
juniperjunosMatch13.2x51d30
OR
juniperjunosMatch13.2x51d35
OR
juniperjunosMatch13.3-
OR
juniperjunosMatch13.3r1
OR
juniperjunosMatch13.3r2
OR
juniperjunosMatch13.3r2-s2
OR
juniperjunosMatch13.3r3
OR
juniperjunosMatch13.3r4
OR
juniperjunosMatch13.3r5
OR
juniperjunosMatch13.3r6
OR
juniperjunosMatch13.3r7
OR
juniperjunosMatch14.1-
OR
juniperjunosMatch14.1r1
OR
juniperjunosMatch14.1r2
OR
juniperjunosMatch14.1r3
OR
juniperjunosMatch14.1r4
OR
juniperjunosMatch14.1r5
OR
juniperjunosMatch14.1x53-
OR
juniperjunosMatch14.1x53d10
OR
juniperjunosMatch14.1x53d15
OR
juniperjunosMatch14.1x53d16
OR
juniperjunosMatch14.1x53d25
OR
juniperjunosMatch14.1x53d26
OR
juniperjunosMatch14.1x53d27
OR
juniperjunosMatch14.2-
OR
juniperjunosMatch14.2r1
OR
juniperjunosMatch14.2r2
OR
juniperjunosMatch14.2r3
OR
juniperjunosMatch14.2r4
OR
juniperjunosMatch15.1r1
OR
juniperjunosMatch15.1r2
OR
juniperjunosMatch15.1x49d10

CNA Affected

[
  {
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "status": "affected",
        "version": "12.1X44 prior to 12.1X44-D55"
      },
      {
        "status": "affected",
        "version": "12.1X46 prior to 12.1X46-D45"
      },
      {
        "status": "affected",
        "version": "12.1X47 prior to 12.1X47-D30"
      },
      {
        "status": "affected",
        "version": "12.3 prior to 12.3R11"
      },
      {
        "status": "affected",
        "version": "12.3X48 prior to 12.3X48-D30"
      },
      {
        "status": "affected",
        "version": "13.2X51 prior to 13.2X51-D40"
      },
      {
        "status": "affected",
        "version": "13.3 prior to 13.3R8"
      },
      {
        "status": "affected",
        "version": "14.1 prior to 14.1R6"
      },
      {
        "status": "affected",
        "version": "14.1X53 prior to 14.1X53-D30"
      },
      {
        "status": "affected",
        "version": "14.2 prior to 14.2R5"
      },
      {
        "status": "affected",
        "version": "15.1 prior to 15.1R3"
      },
      {
        "status": "affected",
        "version": "15.1X49 prior to 15.1X49-D20"
      }
    ]
  }
]

Social References

More

Related

nessus 1
prion 1
cvelist 1
nvd 1
nessus
nessus
Juniper Junos J-Web Service Multiple Vulnerabilities (JSA10723)
2016-04-27 00:00:00
prion
prion
Cross site request forgery (csrf)
2017-10-13 17:29:00
cvelist
cvelist
CVE-2016-1261 Junos: vulnerabilities in J-Web (CVE-2016-1261)
2016-04-13 00:00:00
nvd
nvd
CVE-2016-1261
2017-10-13 17:29:00

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.8%

JSON
Related for CVE-2016-1261
nessus1prion1cvelist1nvd1