Sign-up

ID

VAR-201308-0278


CVE

CVE-2013-5095


TITLE

Junos Space JA1500 Used in appliances Juniper Junos Space Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2013-003756

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the web-based interface in Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka PR 884469. Vendors have confirmed this vulnerability PR 884469 It is released as.By any third party Web Script or HTML May be inserted. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Juniper Networks JUNOS Space versions 11.1, 11.2, 11.3, 12.1, 12.2 and 12.3 are vulnerable. The solution supports automated configuration, monitoring, and troubleshooting of devices and services throughout their lifecycle

Trust: 1.98

sources: NVD: CVE-2013-5095 // JVNDB: JVNDB-2013-003756 // BID: 61791 // VULHUB: VHN-65097

AFFECTED PRODUCTS

vendor:junipermodel:junos spacescope:eqversion:12.3

Trust: 1.9

vendor:junipermodel:junos spacescope:eqversion:12.2

Trust: 1.9

vendor:junipermodel:junos spacescope:eqversion:12.1

Trust: 1.9

vendor:junipermodel:junos spacescope:eqversion:11.3

Trust: 1.9

vendor:junipermodel:junos spacescope:eqversion:11.2

Trust: 1.9

vendor:junipermodel:junos spacescope:eqversion:11.1

Trust: 1.9

vendor:junipermodel:junos spacescope:eqversion:11.4

Trust: 1.6

vendor:junipermodel:junos space virtual appliancescope:eqversion: -

Trust: 1.0

vendor:junipermodel:junos space ja1500 appliancescope:eqversion: -

Trust: 1.0

vendor:junipermodel:junos spacescope:ltversion:13.1r1.6

Trust: 0.8

vendor:junipermodel:junos space ja1500 appliancescope: - version: -

Trust: 0.8

vendor:junipermodel:junos space virtual appliancescope: - version: -

Trust: 0.8

vendor:junipermodel:junos space 13.1r1.6scope:neversion: -

Trust: 0.3

sources: BID: 61791 // JVNDB: JVNDB-2013-003756 // CNNVD: CNNVD-201308-255 // NVD: CVE-2013-5095

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5095
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-5095
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201308-255
value: MEDIUM

Trust: 0.6

VULHUB: VHN-65097
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-5095
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-65097
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-65097 // JVNDB: JVNDB-2013-003756 // CNNVD: CNNVD-201308-255 // NVD: CVE-2013-5095

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-65097 // JVNDB: JVNDB-2013-003756 // NVD: CVE-2013-5095

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201308-255

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201308-255

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-003756

PATCH
title:JSA10585url:http://kb.juniper.net/JSA10585
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-003756

EXTERNAL IDS
db:NVDid:CVE-2013-5095
Trust: 2.8
db:JUNIPERid:JSA10585
Trust: 2.0
db:SECTRACKid:1028923
Trust: 1.1
db:JVNDBid:JVNDB-2013-003756
Trust: 0.8
db:CNNVDid:CNNVD-201308-255
Trust: 0.7
db:BIDid:61791
Trust: 0.4
db:VULHUBid:VHN-65097
Trust: 0.1
sources:
            
            
            VULHUB: VHN-65097 // 
            
            
            
            BID: 61791 // 
            
            
            
            JVNDB: JVNDB-2013-003756 // 
            
            
            
            CNNVD: CNNVD-201308-255 // 
            
            
            
            NVD: CVE-2013-5095

REFERENCES
url:http://kb.juniper.net/jsa10585
Trust: 1.7
url:http://www.securitytracker.com/id/1028923
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5095
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5095
Trust: 0.8
url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10585
Trust: 0.3
url:http://www.juniper.net/au/en/products-services/software/junos-platform/junos-space/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-65097 // 
            
            
            
            BID: 61791 // 
            
            
            
            JVNDB: JVNDB-2013-003756 // 
            
            
            
            CNNVD: CNNVD-201308-255 // 
            
            
            
            NVD: CVE-2013-5095

CREDITS
Reported by the vendor.
Trust: 0.3
sources:
            
            
            BID: 61791

SOURCES
db:VULHUBid:VHN-65097
db:BIDid:61791
db:JVNDBid:JVNDB-2013-003756
db:CNNVDid:CNNVD-201308-255
db:NVDid:CVE-2013-5095

LAST UPDATE DATE
2024-11-23T21:31:48.310000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-65097date:2013-09-12T00:00:00
db:BIDid:61791date:2013-08-15T00:00:00
db:JVNDBid:JVNDB-2013-003756date:2013-08-19T00:00:00
db:CNNVDid:CNNVD-201308-255date:2013-08-20T00:00:00
db:NVDid:CVE-2013-5095date:2024-11-21T01:57:00.420

SOURCES RELEASE DATE
db:VULHUBid:VHN-65097date:2013-08-16T00:00:00
db:BIDid:61791date:2013-08-15T00:00:00
db:JVNDBid:JVNDB-2013-003756date:2013-08-19T00:00:00
db:CNNVDid:CNNVD-201308-255date:2013-08-20T00:00:00
db:NVDid:CVE-2013-5095date:2013-08-16T13:57:23.487