Details of VAR-201308-0003

ID

VAR-201308-0003

CVE

CVE-2012-5460

TITLE

Juniper Secure Access of IVE OS Help page cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-003638

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter. Junos Pulse Secure Access Service (SSL VPN) is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code could be executed in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks may also be possible. The client supports remote and mobile users to access enterprise resources with various web devices. The vulnerability exists in the following product versions: versions prior to 7.1r13, versions prior to 7.2r7, versions prior to 7.3r2. ------------------------------------------------------------------------------- | Juniper Secure Access XSS Vulnerability| -------------------------------------------------------------------------------- Summary =============== Juniper Secure Access software has reflected XSS vulnerability CVE number: CVE-2012-5460 PSN-2013-03-874 Impact: Low Vendor homepage: http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-03-874&viewMode=view Vendor notified: 06/06/2012 Vendor fixed: 12/12/2012 Affected Products ================= Juniper SA (IVE OS) to versions prior to 7.1r13, 7.2r7, 7.3r2 . Details ================== In order to exploit this vulnerability , the client should authenticate to SSLVPN service.The vulnerable parameter exists on help page of IVE user web interface. Effected parameter: WWHSearchWordsText Impact ================== Execution of arbitrary script code in a user's browser during an authenticated session. Solution ================== Upgrade to 7.1r13, 7.2r7, 7.3r2, or higher. Twitter @pazwant

Trust: 2.07

sources: NVD: CVE-2012-5460 // JVNDB: JVNDB-2013-003638 // BID: 61399 // VULHUB: VHN-58741 // PACKETSTORM: 122518

AFFECTED PRODUCTS

vendor:	juniper	model:	ive os	scope:	eq	version:	7.3	Trust: 1.6
vendor:	juniper	model:	ive os	scope:	eq	version:	7.1	Trust: 1.6
vendor:	juniper	model:	ive os	scope:	eq	version:	7.2	Trust: 1.6
vendor:	juniper	model:	secure access virtual appliance	scope:	eq	version:	-	Trust: 1.0
vendor:	juniper	model:	fips secure access 4500	scope:	eq	version:	-	Trust: 1.0
vendor:	juniper	model:	secure access 700	scope:	eq	version:	-	Trust: 1.0
vendor:	juniper	model:	secure access 2000	scope:	eq	version:	-	Trust: 1.0
vendor:	juniper	model:	secure access 4500	scope:	eq	version:	-	Trust: 1.0
vendor:	juniper	model:	mag6610 gateway	scope:	eq	version:	-	Trust: 1.0
vendor:	juniper	model:	secure access 6000	scope:	eq	version:	-	Trust: 1.0
vendor:	juniper	model:	secure access 2500	scope:	eq	version:	-	Trust: 1.0
vendor:	juniper	model:	mag2600 gateway	scope:	eq	version:	-	Trust: 1.0
vendor:	juniper	model:	mag6611 gateway	scope:	eq	version:	-	Trust: 1.0
vendor:	juniper	model:	fips secure access 6000	scope:	eq	version:	-	Trust: 1.0
vendor:	juniper	model:	secure access 6500	scope:	eq	version:	-	Trust: 1.0
vendor:	juniper	model:	fips secure access 6500	scope:	eq	version:	-	Trust: 1.0
vendor:	juniper	model:	fips secure access 4000	scope:	eq	version:	-	Trust: 1.0
vendor:	juniper	model:	secure access 4000	scope:	eq	version:	-	Trust: 1.0
vendor:	juniper	model:	mag4610 gateway	scope:	eq	version:	-	Trust: 1.0
vendor:	juniper	model:	ive os	scope:	eq	version:	7.2r7	Trust: 0.8
vendor:	juniper	model:	secure access 700	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	secure access 6000	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	fips secure access 4000	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	ive os	scope:	lt	version:	7.3.x	Trust: 0.8
vendor:	juniper	model:	secure access 6500	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	fips secure access 6000	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	secure access 4000	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	mag4610 gateway	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	mag2600 gateway	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	mag6611 gateway	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	secure access 4500	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	ive os	scope:	eq	version:	7.3r2	Trust: 0.8
vendor:	juniper	model:	mag6610 gateway	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	secure access 2000	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	secure access virtual appliance	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	ive os	scope:	lt	version:	7.2.x	Trust: 0.8
vendor:	juniper	model:	fips secure access 6500	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	secure access 2500	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	fips secure access 4500	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	junos pulse secure access service virtual appliance	scope:	eq	version:	0	Trust: 0.3
vendor:	juniper	model:	junos pulse secure access service sa700	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos pulse secure access service sa6500	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos pulse secure access service sa6000	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos pulse secure access service sa4500	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos pulse secure access service sa4000	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos pulse secure access service sa2500	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos pulse secure access service sa2000	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos pulse secure access service mag6611	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos pulse secure access service mag6610	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos pulse secure access service mag4610	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos pulse secure access service mag2600	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos pulse secure access service fips sa6500	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos pulse secure access service fips sa6000	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos pulse secure access service fips sa4500	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos pulse secure access service fips sa4000	scope:	-	version:	-	Trust: 0.3

sources: BID: 61399 // JVNDB: JVNDB-2013-003638 // CNNVD: CNNVD-201307-518 // NVD: CVE-2012-5460

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-5460
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-5460
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201307-518
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-58741
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-5460
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-58741
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-58741 // JVNDB: JVNDB-2013-003638 // CNNVD: CNNVD-201307-518 // NVD: CVE-2012-5460

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-58741 // JVNDB: JVNDB-2013-003638 // NVD: CVE-2012-5460

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-518

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 122518 // CNNVD: CNNVD-201307-518

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003638

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-58741

PATCH

title:

JSA10554

url:

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10554

Trust: 0.8

sources: JVNDB: JVNDB-2013-003638

EXTERNAL IDS

db:	NVD	id:	CVE-2012-5460	Trust: 2.9
db:	BID	id:	61399	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-003638	Trust: 0.8
db:	CNNVD	id:	CNNVD-201307-518	Trust: 0.7
db:	BUGTRAQ	id:	20130722 JUNIPER SECURE ACCESS XSS VULNERABILITY	Trust: 0.6
db:	JUNIPER	id:	JSA10554	Trust: 0.3
db:	PACKETSTORM	id:	122518	Trust: 0.2
db:	VULHUB	id:	VHN-58741	Trust: 0.1

sources: VULHUB: VHN-58741 // BID: 61399 // JVNDB: JVNDB-2013-003638 // PACKETSTORM: 122518 // CNNVD: CNNVD-201307-518 // NVD: CVE-2012-5460

REFERENCES

url:	http://archives.neohapsis.com/archives/bugtraq/2013-07/0148.html	Trust: 2.5
url:	http://www.juniper.net/alerts/viewalert.jsp?actionbtn=search&txtalertnumber=psn-2013-03-874&viewmode=view	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5460	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-5460	Trust: 0.8
url:	http://www.securityfocus.com/bid/61399	Trust: 0.6
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10554	Trust: 0.3
url:	http://www.juniper.net/	Trust: 0.3
url:	http://www.juniper.net/us/en/products-services/software/junos-platform/junos-pulse/secure-access/	Trust: 0.3
url:	http://www.juniper.net/alerts/viewalert.jsp?actionbtn=search&txtalertnumber=psn-2013-03-874&viewmode=view	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-5460	Trust: 0.1

sources: VULHUB: VHN-58741 // BID: 61399 // JVNDB: JVNDB-2013-003638 // PACKETSTORM: 122518 // CNNVD: CNNVD-201307-518 // NVD: CVE-2012-5460

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 61399

SOURCES

db:	VULHUB	id:	VHN-58741
db:	BID	id:	61399
db:	JVNDB	id:	JVNDB-2013-003638
db:	PACKETSTORM	id:	122518
db:	CNNVD	id:	CNNVD-201307-518
db:	NVD	id:	CVE-2012-5460

LAST UPDATE DATE

2024-08-14T14:06:45.753000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-58741	date:	2013-08-01T00:00:00
db:	BID	id:	61399	date:	2013-07-22T00:00:00
db:	JVNDB	id:	JVNDB-2013-003638	date:	2013-08-05T00:00:00
db:	CNNVD	id:	CNNVD-201307-518	date:	2013-07-23T00:00:00
db:	NVD	id:	CVE-2012-5460	date:	2013-08-01T13:32:35.103

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-58741	date:	2013-08-01T00:00:00
db:	BID	id:	61399	date:	2013-07-22T00:00:00
db:	JVNDB	id:	JVNDB-2013-003638	date:	2013-08-05T00:00:00
db:	PACKETSTORM	id:	122518	date:	2013-07-23T14:44:44
db:	CNNVD	id:	CNNVD-201307-518	date:	2013-07-23T00:00:00
db:	NVD	id:	CVE-2012-5460	date:	2013-08-01T13:32:35.103