PT-2015-6048 · Juniper Networks · Junos

Published 2015-04-10 · Updated 2016-12-03 · CVE-2015-3004

CVSS v2.0: 4.3 Medium

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Junos versions 11.4 through 11.4R11, 12.1X44 through 12.1X44-D34, 12.1X46 through 12.1X46-D24, 12.1X47 through 12.1X47-D9, 12.3X48 through 12.3X48-D9, 12.2 through 12.2R8, 12.3 through 12.3R6, 13.2 through 13.2R5, 13.2X51 through 13.2X51-D19, 13.3 through 13.3R4, 14.1 through 14.1R2, 14.1X53 through 14.1X53-D9, and 14.2 through 14.2R0
Description: J-Web in Juniper Junos allows remote attackers to conduct clickjacking attacks via an X-Frame-Options header.
Recommendations:
For versions 11.4 through 11.4R11, update to 11.4R12 or later.
For versions 12.1X44 through 12.1X44-D34, update to 12.1X44-D35 or later.
For versions 12.1X46 through 12.1X46-D24, update to 12.1X46-D25 or later.
For versions 12.1X47 through 12.1X47-D9, update to 12.1X47-D10 or later.
For versions 12.3X48 through 12.3X48-D9, update to 12.3X48-D10 or later.
For versions 12.2 through 12.2R8, update to 12.2R9 or later.
For versions 12.3 through 12.3R6, update to 12.3R7 or later.
For versions 13.2 through 13.2R5, update to 13.2R6 or later.
For versions 13.2X51 through 13.2X51-D19, update to 13.2X51-D20 or later.
For versions 13.3 through 13.3R4, update to 13.3R5 or later.
For versions 14.1 through 14.1R2, update to 14.1R3 or later.
For versions 14.1X53 through 14.1X53-D9, update to 14.1X53-D10 or later.
For versions 14.2 through 14.2R0, update to 14.2R1 or later.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2015-3004

Affected Products

Junos