ID

VAR-201312-0245


CVE

CVE-2013-6956


TITLE

IVE OS of Juniper Junos Pulse Secure Access Service vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2013-005521

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web rewrite is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Juniper Networks Secure Access is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Juniper Networks Junos Pulse Secure Access Service (SSL VPN) is a simple, intuitive client from Juniper Networks. The client lets remote and mobile users access enterprise resources from various web devices. A remote attacker could exploit this vulnerability by creating a specially crafted request to inject arbitrary web script or HTML.

Trust: 1.98

sources: NVD: CVE-2013-6956 // JVNDB: JVNDB-2013-005521 // BID: 64261 // VULHUB: VHN-66958

AFFECTED PRODUCTS

vendor: juniper | model: ive os | scope: eq | version: 7.4

Trust: 1.6

vendor: juniper | model: ive os | scope: eq | version: 8.0

Trust: 1.6

vendor: juniper | model: ive os | scope: eq | version: 7.3

Trust: 1.6

vendor: juniper | model: ive os | scope: eq | version: 7.1

Trust: 1.6

vendor: juniper | model: ive os | scope: lt | version: 7.3

Trust: 0.8

vendor: juniper | model: ive os | scope: eq | version: 8.0r1

Trust: 0.8

vendor: juniper | model: ive os | scope: eq | version: 7.3r8

Trust: 0.8

vendor: juniper | model: ive os | scope: eq | version: 7.4r6

Trust: 0.8

vendor: juniper | model: ive os | scope: lt | version: 7.4

Trust: 0.8

vendor: juniper | model: ive os | scope: lt | version: 8.0

Trust: 0.8

vendor: juniper | model: networks secure access | scope: eq | version: 65000

Trust: 0.3

vendor: juniper | model: networks secure access | scope: eq | version: 45000

Trust: 0.3

vendor: juniper | model: networks sa700 ssl vpn | scope: eq | version: 0

Trust: 0.3

vendor: juniper | model: networks sa6500 ssl vpn | scope: eq | version: 0

Trust: 0.3

vendor: juniper | model: networks sa6500 fips | scope: eq | version: 0

Trust: 0.3

vendor: juniper | model: networks sa6000 ssl vpn | scope: eq | version: 0

Trust: 0.3

vendor: juniper | model: networks sa6000 fips | scope: eq | version: 0

Trust: 0.3

vendor: juniper | model: networks sa4500 ssl vpn | scope: eq | version: 0

Trust: 0.3

vendor: juniper | model: networks sa4000 ssl vpn | scope: eq | version: 0

Trust: 0.3

vendor: juniper | model: networks sa2500 ssl vpn | scope: eq | version: 0

Trust: 0.3

vendor: juniper | model: networks sa2000 ssl vpn | scope: eq | version: 0

Trust: 0.3

vendor: juniper | model: networks networks secure access | scope: eq | version: 600050000

Trust: 0.3

vendor: juniper | model: networks networks secure access | scope: eq | version: 400030000

Trust: 0.3

vendor: juniper | model: networks networks secure access | scope: eq | version: 20000

Trust: 0.3

vendor: juniper | model: networks ive os 7.1r1 | scope: - | version: -

Trust: 0.3

sources: BID: 64261 // JVNDB: JVNDB-2013-005521 // CNNVD: CNNVD-201312-306 // NVD: CVE-2013-6956

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6956
value: LOW

Trust: 1.0

NVD: CVE-2013-6956
value: LOW

Trust: 0.8

CNNVD: CNNVD-201312-306
value: LOW

Trust: 0.6

VULHUB: VHN-66958
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2013-6956
severity: LOW
baseScore: 2.1
vectorString: AV:N/AC:H/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-66958
severity: LOW
baseScore: 2.1
vectorString: AV:N/AC:H/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-66958 // JVNDB: JVNDB-2013-005521 // CNNVD: CNNVD-201312-306 // NVD: CVE-2013-6956

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-66958 // JVNDB: JVNDB-2013-005521 // NVD: CVE-2013-6956

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-306

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201312-306

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005521

PATCH

title: JSA10602 | url: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10602

Trust: 0.8

sources: JVNDB: JVNDB-2013-005521

EXTERNAL IDS

db: NVD | id: CVE-2013-6956

Trust: 2.8

db: OSVDB | id: 100862

Trust: 2.5

db: JUNIPER | id: JSA10602

Trust: 2.0

db: SECTRACK | id: 1029489

Trust: 1.1

db: JVNDB | id: JVNDB-2013-005521

Trust: 0.8

db: CNNVD | id: CNNVD-201312-306

Trust: 0.7

db: SECUNIA | id: 56083

Trust: 0.6

db: BID | id: 64261

Trust: 0.4

db: VULHUB | id: VHN-66958

Trust: 0.1

sources: VULHUB: VHN-66958 // BID: 64261 // JVNDB: JVNDB-2013-005521 // CNNVD: CNNVD-201312-306 // NVD: CVE-2013-6956

REFERENCES

url:http://osvdb.org/100862

Trust: 2.5

url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10602

Trust: 1.9

url:http://www.securitytracker.com/id/1029489

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6956

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6956

Trust: 0.8

url:http://secunia.com/advisories/56083

Trust: 0.6

url:http://www.juniper.net/

Trust: 0.3

url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10602

Trust: 0.1

sources: VULHUB: VHN-66958 // BID: 64261 // JVNDB: JVNDB-2013-005521 // CNNVD: CNNVD-201312-306 // NVD: CVE-2013-6956

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 64261

SOURCES

db: VULHUB | id: VHN-66958
db: BID | id: 64261
db: JVNDB | id: JVNDB-2013-005521
db: CNNVD | id: CNNVD-201312-306
db: NVD | id: CVE-2013-6956

LAST UPDATE DATE

2024-11-23T22:59:42.613000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-66958 | date: 2014-01-04T00:00:00
db: BID | id: 64261 | date: 2013-12-12T00:00:00
db: JVNDB | id: JVNDB-2013-005521 | date: 2013-12-17T00:00:00
db: CNNVD | id: CNNVD-201312-306 | date: 2013-12-17T00:00:00
db: NVD | id: CVE-2013-6956 | date: 2024-11-21T02:00:03.083

SOURCES RELEASE DATE

db: VULHUB | id: VHN-66958 | date: 2013-12-13T00:00:00
db: BID | id: 64261 | date: 2013-12-12T00:00:00
db: JVNDB | id: JVNDB-2013-005521 | date: 2013-12-17T00:00:00
db: CNNVD | id: CNNVD-201312-306 | date: 2013-12-17T00:00:00
db: NVD | id: CVE-2013-6956 | date: 2013-12-13T18:07:54.313