var-201312-0245
Vulnerability from variot
Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web rewrite is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Juniper Networks Secure Access is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Juniper Networks Junos Pulse Secure Access Service (SSL VPN) is a simple, intuitive client from Juniper Networks. The client supports remote and mobile users to access enterprise resources with various web devices. A remote attacker could exploit this vulnerability by creating a specially crafted request to inject arbitrary web script or HTML
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201312-0245",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ive os",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "7.4"
},
{
"model": "ive os",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "8.0"
},
{
"model": "ive os",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "7.3"
},
{
"model": "ive os",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "7.1"
},
{
"model": "ive os",
"scope": "lt",
"trust": 0.8,
"vendor": "juniper",
"version": "7.3"
},
{
"model": "ive os",
"scope": "eq",
"trust": 0.8,
"vendor": "juniper",
"version": "8.0r1"
},
{
"model": "ive os",
"scope": "eq",
"trust": 0.8,
"vendor": "juniper",
"version": "7.3r8"
},
{
"model": "ive os",
"scope": "eq",
"trust": 0.8,
"vendor": "juniper",
"version": "7.4r6"
},
{
"model": "ive os",
"scope": "lt",
"trust": 0.8,
"vendor": "juniper",
"version": "7.4"
},
{
"model": "ive os",
"scope": "lt",
"trust": 0.8,
"vendor": "juniper",
"version": "8.0"
},
{
"model": "networks secure access",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "65000"
},
{
"model": "networks secure access",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "45000"
},
{
"model": "networks sa700 ssl vpn",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "networks sa6500 ssl vpn",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "networks sa6500 fips",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "networks sa6000 ssl vpn",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "networks sa6000 fips",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "networks sa4500 ssl vpn",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "networks sa4000 ssl vpn",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "networks sa2500 ssl vpn",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "networks sa2000 ssl vpn",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "networks networks secure access",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "600050000"
},
{
"model": "networks networks secure access",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "400030000"
},
{
"model": "networks networks secure access",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "20000"
},
{
"model": "networks ive os 7.1r1",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "64261"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005521"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-306"
},
{
"db": "NVD",
"id": "CVE-2013-6956"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:juniper:ive_os",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005521"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "64261"
}
],
"trust": 0.3
},
"cve": "CVE-2013-6956",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2013-6956",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-66958",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-6956",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2013-6956",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-201312-306",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-66958",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66958"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005521"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-306"
},
{
"db": "NVD",
"id": "CVE-2013-6956"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web rewrite is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Juniper Networks Secure Access is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Juniper Networks Junos Pulse Secure Access Service (SSL VPN) is a simple, intuitive client from Juniper Networks. The client supports remote and mobile users to access enterprise resources with various web devices. A remote attacker could exploit this vulnerability by creating a specially crafted request to inject arbitrary web script or HTML",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-6956"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005521"
},
{
"db": "BID",
"id": "64261"
},
{
"db": "VULHUB",
"id": "VHN-66958"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-6956",
"trust": 2.8
},
{
"db": "OSVDB",
"id": "100862",
"trust": 2.5
},
{
"db": "JUNIPER",
"id": "JSA10602",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1029489",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005521",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201312-306",
"trust": 0.7
},
{
"db": "SECUNIA",
"id": "56083",
"trust": 0.6
},
{
"db": "BID",
"id": "64261",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-66958",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66958"
},
{
"db": "BID",
"id": "64261"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005521"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-306"
},
{
"db": "NVD",
"id": "CVE-2013-6956"
}
]
},
"id": "VAR-201312-0245",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-66958"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:59:42.613000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "JSA10602",
"trust": 0.8,
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10602"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005521"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66958"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005521"
},
{
"db": "NVD",
"id": "CVE-2013-6956"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://osvdb.org/100862"
},
{
"trust": 1.9,
"url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10602"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1029489"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6956"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6956"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/56083"
},
{
"trust": 0.3,
"url": "http://www.juniper.net/"
},
{
"trust": 0.1,
"url": "https://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10602"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66958"
},
{
"db": "BID",
"id": "64261"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005521"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-306"
},
{
"db": "NVD",
"id": "CVE-2013-6956"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-66958"
},
{
"db": "BID",
"id": "64261"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005521"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-306"
},
{
"db": "NVD",
"id": "CVE-2013-6956"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-12-13T00:00:00",
"db": "VULHUB",
"id": "VHN-66958"
},
{
"date": "2013-12-12T00:00:00",
"db": "BID",
"id": "64261"
},
{
"date": "2013-12-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005521"
},
{
"date": "2013-12-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201312-306"
},
{
"date": "2013-12-13T18:07:54.313000",
"db": "NVD",
"id": "CVE-2013-6956"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-04T00:00:00",
"db": "VULHUB",
"id": "VHN-66958"
},
{
"date": "2013-12-12T00:00:00",
"db": "BID",
"id": "64261"
},
{
"date": "2013-12-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005521"
},
{
"date": "2013-12-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201312-306"
},
{
"date": "2024-11-21T02:00:03.083000",
"db": "NVD",
"id": "CVE-2013-6956"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201312-306"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IVE OS of Juniper Junos Pulse Secure Access Service Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005521"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201312-306"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.