{"id": "CVE-2013-6956", "bulletinFamily": "NVD", "title": "CVE-2013-6956", "description": "Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web rewrite is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.", "published": "2013-12-13T18:07:00", "modified": "2014-01-04T04:51:00", "cvss": {"score": 2.1, "vector": "AV:N/AC:H/Au:S/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6956", "reporter": "cve@mitre.org", "references": ["http://www.securitytracker.com/id/1029489", "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10602", "http://osvdb.org/100862"], "cvelist": ["CVE-2013-6956"], "type": "cve", "lastseen": "2021-02-02T06:07:00", "edition": 4, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "seebug", "idList": ["SSV:61140"]}, {"type": "nessus", "idList": ["JUNOS_PULSE_SA_JSA10602.NASL"]}], "modified": "2021-02-02T06:07:00", "rev": 2}, "score": {"value": 3.7, "vector": "NONE", "modified": "2021-02-02T06:07:00", "rev": 2}, "vulnersScore": 3.7}, "cpe": ["cpe:/o:juniper:ive_os:7.4", "cpe:/o:juniper:ive_os:8.0", "cpe:/o:juniper:ive_os:7.1", "cpe:/o:juniper:ive_os:7.3"], "affectedSoftware": [{"cpeName": "juniper:ive_os", "name": "juniper ive os", "operator": "eq", "version": "7.4"}, {"cpeName": "juniper:ive_os", "name": "juniper ive os", "operator": "eq", "version": "7.3"}, {"cpeName": "juniper:ive_os", "name": "juniper ive os", "operator": "eq", "version": "7.1"}, {"cpeName": "juniper:ive_os", "name": "juniper ive os", "operator": "eq", "version": "8.0"}], "cvss2": {"cvssV2": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "userInteractionRequired": true}, "cvss3": {}, "cpe23": ["cpe:2.3:o:juniper:ive_os:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:juniper:ive_os:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:juniper:ive_os:7.1:*:*:*:*:*:*:*", "cpe:2.3:o:juniper:ive_os:8.0:*:*:*:*:*:*:*"], "cwe": ["CWE-79"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:juniper:ive_os:7.4:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:ive_os:8.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:ive_os:7.3:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:ive_os:7.1:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "100862", "refsource": "OSVDB", "tags": [], "url": "http://osvdb.org/100862"}, {"name": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10602", "refsource": "CONFIRM", "tags": ["Vendor Advisory"], "url": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10602"}, {"name": "1029489", "refsource": "SECTRACK", "tags": [], "url": "http://www.securitytracker.com/id/1029489"}]}

{"nessus": [{"lastseen": "2021-03-01T03:36:10", "description": "According to its self-reported version, the version of Juniper Junos\nPulse Secure Access Service IVE OS running on the remote host is\naffected by an unspecified cross-site scripting vulnerability that is\npresent within a file that pertains to Secure Access Service Web\nrewriting feature pages hosted on the device's web server. An attacker\ncould exploit this issue by tricking a user into requesting a malicious\nURL, resulting in arbitrary script code execution. \n\nNote that the issue is only present when the web rewrite feature is\nenabled on a user's role.", "edition": 26, "published": "2013-12-14T00:00:00", "title": "Juniper Junos Pulse Secure Access Service IVE OS (SSL VPN) XSS (JSA10602)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6956"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:juniper:ive_os", "cpe:/a:juniper:junos_pulse_secure_access_service"], "id": "JUNOS_PULSE_SA_JSA10602.NASL", "href": "https://www.tenable.com/plugins/nessus/71429", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71429);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/11/27\");\n\n script_cve_id(\"CVE-2013-6956\");\n script_bugtraq_id(64261);\n\n script_name(english:\"Juniper Junos Pulse Secure Access Service IVE OS (SSL VPN) XSS (JSA10602)\");\n script_summary(english:\"Checks OS version\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the version of Juniper Junos\nPulse Secure Access Service IVE OS running on the remote host is\naffected by an unspecified cross-site scripting vulnerability that is\npresent within a file that pertains to Secure Access Service Web\nrewriting feature pages hosted on the device's web server. An attacker\ncould exploit this issue by tricking a user into requesting a malicious\nURL, resulting in arbitrary script code execution. \n\nNote that the issue is only present when the web rewrite feature is\nenabled on a user's role.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10602\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Juniper Junos Pulse Secure Access Service IVE OS version\n7.1r17 / 7.3r8 / 7.4r6 / 8.0r1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-6956\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/12/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/14\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:juniper:ive_os\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:juniper:junos_pulse_secure_access_service\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Juniper/IVE OS/Version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nversion = get_kb_item_or_exit('Host/Juniper/IVE OS/Version');\nmatch = eregmatch(string:version, pattern:\"^([\\d.]+)([Rr](\\d+))?\");\nif (isnull(match)) exit(1, 'Error parsing version: ' + version);\n\nrelease = match[1];\nbuild = 0;\nif (!isnull(match[2])) build = int(match[3]);\n\nif (release == '7.1' && build < 17)\n fix = '7.1r17';\nelse if (release == '7.3' && build < 8)\n fix = '7.3r8';\nelse if (release == '7.4' && build < 6)\n fix = '7.4r6';\nelse if (release == '8.0' && build < 1)\n fix = '8.0r1';\nelse\n audit(AUDIT_INST_VER_NOT_VULN, 'IVE OS', version);\n\nset_kb_item(name:'www/0/XSS', value:TRUE);\n\nif (report_verbosity > 0)\n{\n report =\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix + '\\n';\n security_note(port:0, extra:report);\n}\nelse security_note(0);\n", "cvss": {"score": 2.1, "vector": "AV:N/AC:H/Au:S/C:N/I:P/A:N"}}], "seebug": [{"lastseen": "2017-11-19T17:37:58", "description": "CVE ID:CVE-2013-6956\r\n\r\nJuniper Networks\u7684Secure Access\u662f\u4f01\u4e1a\u7ea7\u7684SSL VPN\u63a5\u5165\u8bbe\u5907\uff0c\u8bbe\u5907\u4e0a\u6240\u8fd0\u884c\u7684\u64cd\u4f5c\u7cfb\u7edf\u4e3aJuniper IVE OS\u3002\r\n\r\nJuniper Junos Pulse Secure Access Service (IVE)\u5728\u91cd\u5199\u7279\u6027\u9875\u9762\u65f6\u6ca1\u6709\u6b63\u786e\u8fc7\u6ee4\u7528\u6237\u63d0\u4ea4\u7684\u8f93\u5165\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u8fdb\u884c\u8de8\u7ad9\u811a\u672c\u653b\u51fb\uff0c\u53ef\u6784\u5efa\u6076\u610fURI\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u53ef\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u6216\u8005\u52ab\u6301\u7528\u6237\u4f1a\u8bdd\u3002\n0\nJuniper IVE OS 8.0\r\nJuniper IVE OS 7.4r5\r\nJuniper IVE OS 7.3r7\r\nJuniper IVE OS 7.1r16\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nJuniper\r\n-----\r\nJuniper IVE OS 8.0r1, 7.4r6, 7.3r8, 7.1r17\u5df2\u7ecf\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttps://www.juniper.net/", "published": "2013-12-17T00:00:00", "type": "seebug", "title": "Juniper Junos Pulse Secure Access Service (IVE)\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-6956"], "modified": "2013-12-17T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61140", "id": "SSV:61140", "sourceData": "", "sourceHref": "", "cvss": {"score": 2.1, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}}]}