CVE-2016-1261

Summary

J-Web does not validate certain input that may lead to cross-site request forgery (CSRF) issues or cause a denial of J-Web service (DoS).

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OS12.1X44 prior to 12.1X44-D55affected
Juniper NetworksJunos OS12.1X46 prior to 12.1X46-D45affected
Juniper NetworksJunos OS12.1X47 prior to 12.1X47-D30affected
Juniper NetworksJunos OS12.3 prior to 12.3R11affected
Juniper NetworksJunos OS12.3X48 prior to 12.3X48-D30affected
Juniper NetworksJunos OS13.2X51 prior to 13.2X51-D40affected
Juniper NetworksJunos OS13.3 prior to 13.3R8affected
Juniper NetworksJunos OS14.1 prior to 14.1R6affected
Juniper NetworksJunos OS14.1X53 prior to 14.1X53-D30affected
Juniper NetworksJunos OS14.2 prior to 14.2R5affected
Juniper NetworksJunos OS15.1 prior to 15.1R3affected
Juniper NetworksJunos OS15.1X49 prior to 15.1X49-D20affected

Weaknesses

  • failure to validate input

Workarounds

Disable J-Web, or limit access to only trusted hosts which may not be compromised by cross-site attacks. For example, deploy jump hosts with no Internet access that use anti-scripting techniques to mitigate potential threats. Alternately, use a dedicated client and dedicated Web browser that is not used to access other sites.

ADP Enrichment

CVE Program Container

Additional References

References