CVE-2015-3005: XSS
First published: Fri Apr 10 2015(Updated: )
Cross-site scripting (XSS) vulnerability in the Dynamic VPN in Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, and 12.3X48 before 12.3X48-D10 on SRX series devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Juniper JUNOS | =12.1x44 | |
| Juniper JUNOS | =12.1x44-d10 | |
| Juniper JUNOS | =12.1x44-d15 | |
| Juniper JUNOS | =12.1x44-d20 | |
| Juniper JUNOS | =12.1x44-d25 | |
| Juniper JUNOS | =12.1x44-d30 | |
| Juniper JUNOS | =12.1x44-d35 | |
| Juniper JUNOS | =12.1x44-d40 | |
| Juniper JUNOS | =12.1x46 | |
| Juniper JUNOS | =12.1x46-d10 | |
| Juniper JUNOS | =12.1x46-d15 | |
| Juniper JUNOS | =12.1x46-d20 | |
| Juniper JUNOS | =12.1x46-d25 | |
| Juniper JUNOS | =12.1x47 | |
| Juniper JUNOS | =12.1x47-d10 | |
| Juniper JUNOS | =12.1x48 | |
| Juniper SRX100 | ||
| Juniper SRX110 | ||
| Juniper SRX1400 | ||
| Juniper SRX210 | ||
| Juniper SRX220 | ||
| Juniper SRX240 | ||
| Juniper SRX3400 | ||
| Juniper SRX3600 | ||
| Juniper SRX550 | ||
| juniper srx5600 | ||
| Juniper SRX5800 | ||
| Juniper SRX650 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-3005?
CVE-2015-3005 is classified as a moderate severity cross-site scripting (XSS) vulnerability that affects certain versions of Juniper Junos.
How do I fix CVE-2015-3005?
To fix CVE-2015-3005, update to the patched versions of Junos, specifically 12.1X44-D45, 12.1X46-D30, 12.1X47-D20, or 12.3X48-D10.
What are the affected versions for CVE-2015-3005?
CVE-2015-3005 affects Juniper Junos versions prior to 12.1X44-D45, 12.1X46-D30, 12.1X47-D20, and 12.3X48-D10.
Can CVE-2015-3005 be exploited remotely?
Yes, CVE-2015-3005 can be exploited remotely by attackers to inject arbitrary web scripts or HTML.
What is the impact of CVE-2015-3005 if exploited?
If exploited, CVE-2015-3005 can lead to unauthorized actions on behalf of users and potential compromise of sensitive data.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/juniper
- canonical/juniper junos
- version/juniper junos/12.1x44
- version/juniper junos/12.1x44-d10
- version/juniper junos/12.1x44-d15
- version/juniper junos/12.1x44-d20
- version/juniper junos/12.1x44-d25
- version/juniper junos/12.1x44-d30
- version/juniper junos/12.1x44-d35
- version/juniper junos/12.1x44-d40
- version/juniper junos/12.1x46
- version/juniper junos/12.1x46-d10
- version/juniper junos/12.1x46-d15
- version/juniper junos/12.1x46-d20
- version/juniper junos/12.1x46-d25
- version/juniper junos/12.1x47
- version/juniper junos/12.1x47-d10
- version/juniper junos/12.1x48
- canonical/juniper srx100
- canonical/juniper srx110
- canonical/juniper srx1400
- canonical/juniper srx210
- canonical/juniper srx220
- canonical/juniper srx240
- canonical/juniper srx3400
- canonical/juniper srx3600
- canonical/juniper srx550
- canonical/juniper srx5600
- canonical/juniper srx5800
- canonical/juniper srx650