ID

VAR-201312-0246


CVE

CVE-2013-6957


TITLE

Cross-site scripting vulnerability in the web management component of Juniper IDP

Trust: 0.8

sources: JVNDB: JVNDB-2013-005522

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the web administrative component in Juniper IDP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the ACM web server. Juniper Networks IDP Series appliances are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Juniper IDP is the IDP series of intrusion detection and prevention appliances from Juniper Networks. The appliances use stateful detection and prevention technology to provide zero-day protection against worms, Trojan horses, spyware, keyloggers and other malware.

Trust: 1.98

sources: NVD: CVE-2013-6957 // JVNDB: JVNDB-2013-005522 // BID: 64263 // VULHUB: VHN-66959

AFFECTED PRODUCTS

vendor:juniper model:idp250 scope:eq version: -

Trust: 1.6

vendor:juniper model:idp800 scope:eq version: -

Trust: 1.6

vendor:juniper model:idp8200 scope:eq version: -

Trust: 1.6

vendor:juniper model:idp75 scope:eq version: -

Trust: 1.6

vendor:juniper model:idp250 scope: - version: -

Trust: 0.8

vendor:juniper model:idp75 scope: - version: -

Trust: 0.8

vendor:juniper model:idp800 scope: - version: -

Trust: 0.8

vendor:juniper model:idp8200 scope: - version: -

Trust: 0.8

vendor:juniper model:networks idp scope:eq version:4.1

Trust: 0.3

sources: BID: 64263 // JVNDB: JVNDB-2013-005522 // CNNVD: CNNVD-201312-307 // NVD: CVE-2013-6957

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6957
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-6957
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201312-307
value: MEDIUM

Trust: 0.6

VULHUB: VHN-66959
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-6957
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-66959
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-66959 // JVNDB: JVNDB-2013-005522 // CNNVD: CNNVD-201312-307 // NVD: CVE-2013-6957

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-66959 // JVNDB: JVNDB-2013-005522 // NVD: CVE-2013-6957

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-307

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201312-307

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005522

PATCH

title:JSA10603 url:https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10603

Trust: 0.8

sources: JVNDB: JVNDB-2013-005522

EXTERNAL IDS

db:NVD id:CVE-2013-6957

Trust: 2.8

db:OSVDB id:100860

Trust: 2.5

db:JUNIPER id:JSA10603

Trust: 2.0

db:SECTRACK id:1029491

Trust: 1.1

db:JVNDB id:JVNDB-2013-005522

Trust: 0.8

db:CNNVD id:CNNVD-201312-307

Trust: 0.7

db:SECUNIA id:56087

Trust: 0.6

db:BID id:64263

Trust: 0.4

db:VULHUB id:VHN-66959

Trust: 0.1

sources: VULHUB: VHN-66959 // BID: 64263 // JVNDB: JVNDB-2013-005522 // CNNVD: CNNVD-201312-307 // NVD: CVE-2013-6957

REFERENCES

url:http://osvdb.org/100860

Trust: 2.5

url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10603

Trust: 1.9

url:http://www.securitytracker.com/id/1029491

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6957

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6957

Trust: 0.8

url:http://secunia.com/advisories/56087

Trust: 0.6

url:http://www.juniper.net/us/en/products-services/security/idp-series/

Trust: 0.3

url:http://www.juniper.net/

Trust: 0.3

url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10603

Trust: 0.1

sources: VULHUB: VHN-66959 // BID: 64263 // JVNDB: JVNDB-2013-005522 // CNNVD: CNNVD-201312-307 // NVD: CVE-2013-6957

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 64263

SOURCES

db:VULHUB id:VHN-66959
db:BID id:64263
db:JVNDB id:JVNDB-2013-005522
db:CNNVD id:CNNVD-201312-307
db:NVD id:CVE-2013-6957

LAST UPDATE DATE

2024-11-23T22:31:21.822000+00:00


SOURCES UPDATE DATE

db:VULHUB id:VHN-66959 date:2014-01-04T00:00:00
db:BID id:64263 date:2013-12-12T00:00:00
db:JVNDB id:JVNDB-2013-005522 date:2013-12-17T00:00:00
db:CNNVD id:CNNVD-201312-307 date:2013-12-17T00:00:00
db:NVD id:CVE-2013-6957 date:2024-11-21T02:00:03.237

SOURCES RELEASE DATE

db:VULHUB id:VHN-66959 date:2013-12-13T00:00:00
db:BID id:64263 date:2013-12-12T00:00:00
db:JVNDB id:JVNDB-2013-005522 date:2013-12-17T00:00:00
db:CNNVD id:CNNVD-201312-307 date:2013-12-17T00:00:00
db:NVD id:CVE-2013-6957 date:2013-12-13T18:07:54.373