Details of VAR-200803-0352

ID

VAR-200803-0352

CVE

CVE-2008-1180

TITLE

Juniper Networks Secure Access 2000 Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2008-004189

DESCRIPTION

Cross-site scripting (XSS) vulnerability in dana-na/auth/rdremediate.cgi in Juniper Networks Secure Access 2000 5.5 R1 build 11711 allows remote attackers to inject arbitrary web script or HTML via the delivery_mode parameter. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. Juniper Networks Secure Access 2000 5.5R1 Build 11711 is vulnerable; other versions may also be affected. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Input passed to the "delivery_mode" parameter in dana-na/auth/rdremediate.cgi is not properly sanitised before being returned to the user. The vulnerability is reported in version 5.5R1 (build 11711). Other versions may also be affected. SOLUTION: The vulnerability is reportedly fixed in version 5.5R3. PROVIDED AND/OR DISCOVERED BY: Richard Brain, ProCheckUp Ltd ORIGINAL ADVISORY: http://www.procheckup.com/Vulnerability_PR07-41.php ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2008-1180 // JVNDB: JVNDB-2008-004189 // BID: 28034 // VULHUB: VHN-31305 // PACKETSTORM: 64252

AFFECTED PRODUCTS

vendor:	juniper	model:	secure access 2000	scope:	eq	version:	5.5	Trust: 1.6
vendor:	juniper	model:	secure access 2000	scope:	eq	version:	5.5 r1 build 11711	Trust: 0.8
vendor:	juniper	model:	networks secure access 5.5r1 build	scope:	eq	version:	200011711	Trust: 0.3
vendor:	juniper	model:	networks secure access	scope:	eq	version:	20000	Trust: 0.3
vendor:	juniper	model:	networks secure access 5.5r3	scope:	ne	version:	2000	Trust: 0.3

sources: BID: 28034 // JVNDB: JVNDB-2008-004189 // CNNVD: CNNVD-200803-069 // NVD: CVE-2008-1180

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2008-1180
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2008-1180
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200803-069
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-31305
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2008-1180
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-31305
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-31305 // JVNDB: JVNDB-2008-004189 // CNNVD: CNNVD-200803-069 // NVD: CVE-2008-1180

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-31305 // JVNDB: JVNDB-2008-004189 // NVD: CVE-2008-1180

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200803-069

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 64252 // CNNVD: CNNVD-200803-069

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-004189

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-31305

PATCH

title:

Secure Access

url:

http://www.juniper.net/us/en/products-services/security/sa-series/

Trust: 0.8

sources: JVNDB: JVNDB-2008-004189

EXTERNAL IDS

db:	NVD	id:	CVE-2008-1180	Trust: 2.8
db:	BID	id:	28034	Trust: 2.0
db:	SECUNIA	id:	29165	Trust: 1.8
db:	VUPEN	id:	ADV-2008-0762	Trust: 1.7
db:	SREASON	id:	3720	Trust: 1.7
db:	JVNDB	id:	JVNDB-2008-004189	Trust: 0.8
db:	CNNVD	id:	CNNVD-200803-069	Trust: 0.7
db:	BUGTRAQ	id:	20080228 PR07-41: XSS ON JUNIPER NETWORKS SECURE ACCESS 2000	Trust: 0.6
db:	XF	id:	40916	Trust: 0.6
db:	SEEBUG	id:	SSVID-84647	Trust: 0.1
db:	EXPLOIT-DB	id:	31311	Trust: 0.1
db:	VULHUB	id:	VHN-31305	Trust: 0.1
db:	PACKETSTORM	id:	64252	Trust: 0.1

sources: VULHUB: VHN-31305 // BID: 28034 // JVNDB: JVNDB-2008-004189 // PACKETSTORM: 64252 // CNNVD: CNNVD-200803-069 // NVD: CVE-2008-1180

REFERENCES

url:	http://www.procheckup.com/vulnerability_pr07-41.php	Trust: 2.1
url:	http://www.securityfocus.com/bid/28034	Trust: 1.7
url:	http://secunia.com/advisories/29165	Trust: 1.7
url:	http://securityreason.com/securityalert/3720	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/488918/100/0/threaded	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2008/0762	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/40916	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1180	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-1180	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/40916	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/488918/100/0/threaded	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2008/0762	Trust: 0.6
url:	http://www.juniper.net/	Trust: 0.3
url:	http://www.juniper.net/products_and_services/ssl_vpn_secure_access/secure_access_2000/	Trust: 0.3
url:	/archive/1/488918	Trust: 0.3
url:	http://secunia.com/advisories/29165/	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	https://psi.secunia.com/?page=changelog	Trust: 0.1
url:	https://psi.secunia.com/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/product/11165/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-31305 // BID: 28034 // JVNDB: JVNDB-2008-004189 // PACKETSTORM: 64252 // CNNVD: CNNVD-200803-069 // NVD: CVE-2008-1180

CREDITS

Richard Brain of ProCheckUp Ltd. is credited with discovering this vulnerability.

Trust: 0.3

sources: BID: 28034

SOURCES

db:	VULHUB	id:	VHN-31305
db:	BID	id:	28034
db:	JVNDB	id:	JVNDB-2008-004189
db:	PACKETSTORM	id:	64252
db:	CNNVD	id:	CNNVD-200803-069
db:	NVD	id:	CVE-2008-1180

LAST UPDATE DATE

2024-11-23T21:56:55.718000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-31305	date:	2018-10-11T00:00:00
db:	BID	id:	28034	date:	2015-04-16T18:05:00
db:	JVNDB	id:	JVNDB-2008-004189	date:	2012-09-25T00:00:00
db:	CNNVD	id:	CNNVD-200803-069	date:	2008-09-05T00:00:00
db:	NVD	id:	CVE-2008-1180	date:	2024-11-21T00:43:52.040

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-31305	date:	2008-03-06T00:00:00
db:	BID	id:	28034	date:	2008-02-28T00:00:00
db:	JVNDB	id:	JVNDB-2008-004189	date:	2012-09-25T00:00:00
db:	PACKETSTORM	id:	64252	date:	2008-03-04T21:58:46
db:	CNNVD	id:	CNNVD-200803-069	date:	2008-03-05T00:00:00
db:	NVD	id:	CVE-2008-1180	date:	2008-03-06T00:44:00