According to its self-reported version number, the version of Junos Space running on the remote device is prior to 15.1R1. It is, therefore, affected by multiple vulnerabilities :
An error exists within the Apache ‘mod_session_dbd’ module, related to save operations for a session, due to a failure to consider the dirty flag and to require a new session ID. An unauthenticated, remote attacker can exploit this to have an unspecified impact.
(CVE-2013-2249)
An unspecified flaw exists in the MySQL Server component related to error handling that allows a remote attacker to cause a denial of service condition. (CVE-2013-5908)
A flaw exists within the Apache ‘mod_dav’ module that is caused when tracking the length of CDATA that has leading white space. An unauthenticated, remote attacker can exploit this, via a specially crafted DAV WRITE request, to cause the service to stop responding.
(CVE-2013-6438)
A flaw exists within the Apache ‘mod_log_config’ module that is caused when logging a cookie that has an unassigned value. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to cause the service to crash. (CVE-2014-0098)
A flaw exists, related to pixel manipulation, in the 2D component in the Oracle Java runtime that allows an unauthenticated, remote attacker to impact availability, confidentiality, and integrity. (CVE-2014-0429)
A flaw exists, related to PKCS#1 unpadding, in the Security component in the Oracle Java runtime that allows an unauthenticated, remote attacker to gain knowledge of timing information, which is intended to be protected by encryption. (CVE-2014-0453)
A race condition exists, related to array copying, in the Hotspot component in the Oracle Java runtime that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2014-0456)
A flaw exists in the JNDI component in the Oracle Java runtime due to missing randomization of query IDs. An unauthenticated, remote attacker can exploit this to conduct spoofing attacks. (CVE-2014-0460)
A flaw exists in the Mozilla Network Security Services (NSS) library, which is due to lenient parsing of ASN.1 values involved in a signature and can lead to the forgery of RSA signatures, such as SSL certificates.
(CVE-2014-1568)
An unspecified flaw exists in the MySQL Server component related to the CLIENT:SSL:yaSSL subcomponent that allows a remote attacker to impact integrity. (CVE-2014-6478)
Multiple unspecified flaws exist in the MySQL Server component related to the SERVER:SSL:yaSSL subcomponent that allow a remote attacker to impact confidentiality, integrity, and availability. (CVE-2014-6491, CVE-2014-6500)
Multiple unspecified flaws exist in the MySQL Server component related to the CLIENT:SSL:yaSSL subcomponent that allow a remote attacker to cause a denial of service condition. (CVE-2014-6494, CVE-2014-6495, CVE-2014-6496)
An unspecified flaw exists in the MySQL Server component related to the C API SSL Certificate Handling subcomponent that allows a remote attacker to disclose potentially sensitive information. (CVE-2014-6559)
An unspecified flaw exists in the MySQL Server component related to the Server:Compiling subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2015-0501)
An XML external entity (XXE) injection vulnerability exists in OpenNMS due to the Castor component accepting XML external entities from exception messages. An unauthenticated, remote attacker can exploit this, via specially crafted XML data in a RTC post, to access local files. (CVE-2015-0975)
An unspecified flaw exists in the MySQL Server component related to the Server:Security:Privileges subcomponent that allows a remote attacker to disclose potentially sensitive information. (CVE-2015-2620)
A heap buffer overflow condition exists in QEMU in the pcnet_transmit() function within file hw/net/pcnet.c due to improper validation of user-supplied input when handling multi-TMD packets with a length above 4096 bytes. An unauthenticated, remote attacker can exploit this, via specially crafted packets, to gain elevated privileges from guest to host. (CVE-2015-3209)
Multiple cross-site scripting (XSS), SQL injection, and command injection vulnerabilities exist in Junos Space that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2015-7753)
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(91778);
script_version("1.4");
script_cvs_date("Date: 2018/07/12 19:01:16");
script_cve_id(
"CVE-2013-2249",
"CVE-2013-5908",
"CVE-2013-6438",
"CVE-2014-0098",
"CVE-2014-0429",
"CVE-2014-0453",
"CVE-2014-0456",
"CVE-2014-0460",
"CVE-2014-1568",
"CVE-2014-6478",
"CVE-2014-6491",
"CVE-2014-6494",
"CVE-2014-6495",
"CVE-2014-6496",
"CVE-2014-6500",
"CVE-2014-6559",
"CVE-2015-0501",
"CVE-2015-0975",
"CVE-2015-2620",
"CVE-2015-3209",
"CVE-2015-7753"
);
script_bugtraq_id(
61379,
64896,
66303,
66856,
66877,
66914,
66916,
70116,
70444,
70469,
70478,
70487,
70489,
70496,
70497,
74070,
75123,
75837
);
script_xref(name:"JSA", value:"JSA10698");
script_name(english:"Juniper Junos Space < 15.1R1 Multiple Vulnerabilities (JSA10698)");
script_summary(english:"Checks the version of Junos Space.");
script_set_attribute(attribute:"synopsis", value:
"The remote device is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the version of Junos
Space running on the remote device is prior to 15.1R1. It is,
therefore, affected by multiple vulnerabilities :
- An error exists within the Apache 'mod_session_dbd'
module, related to save operations for a session, due to
a failure to consider the dirty flag and to require a
new session ID. An unauthenticated, remote attacker can
exploit this to have an unspecified impact.
(CVE-2013-2249)
- An unspecified flaw exists in the MySQL Server component
related to error handling that allows a remote attacker
to cause a denial of service condition. (CVE-2013-5908)
- A flaw exists within the Apache 'mod_dav' module that is
caused when tracking the length of CDATA that has
leading white space. An unauthenticated, remote attacker
can exploit this, via a specially crafted DAV WRITE
request, to cause the service to stop responding.
(CVE-2013-6438)
- A flaw exists within the Apache 'mod_log_config' module
that is caused when logging a cookie that has an
unassigned value. An unauthenticated, remote attacker
can exploit this, via a specially crafted request, to
cause the service to crash. (CVE-2014-0098)
- A flaw exists, related to pixel manipulation, in the
2D component in the Oracle Java runtime that allows an
unauthenticated, remote attacker to impact availability,
confidentiality, and integrity. (CVE-2014-0429)
- A flaw exists, related to PKCS#1 unpadding, in the
Security component in the Oracle Java runtime that
allows an unauthenticated, remote attacker to gain
knowledge of timing information, which is intended to
be protected by encryption. (CVE-2014-0453)
- A race condition exists, related to array copying, in
the Hotspot component in the Oracle Java runtime that
allows an unauthenticated, remote attacker to execute
arbitrary code. (CVE-2014-0456)
- A flaw exists in the JNDI component in the Oracle Java
runtime due to missing randomization of query IDs. An
unauthenticated, remote attacker can exploit this to
conduct spoofing attacks. (CVE-2014-0460)
- A flaw exists in the Mozilla Network Security Services
(NSS) library, which is due to lenient parsing of ASN.1
values involved in a signature and can lead to the
forgery of RSA signatures, such as SSL certificates.
(CVE-2014-1568)
- An unspecified flaw exists in the MySQL Server component
related to the CLIENT:SSL:yaSSL subcomponent that allows
a remote attacker to impact integrity. (CVE-2014-6478)
- Multiple unspecified flaws exist in the MySQL Server
component related to the SERVER:SSL:yaSSL subcomponent
that allow a remote attacker to impact confidentiality,
integrity, and availability. (CVE-2014-6491,
CVE-2014-6500)
- Multiple unspecified flaws exist in the MySQL Server
component related to the CLIENT:SSL:yaSSL subcomponent
that allow a remote attacker to cause a denial of
service condition. (CVE-2014-6494, CVE-2014-6495,
CVE-2014-6496)
- An unspecified flaw exists in the MySQL Server component
related to the C API SSL Certificate Handling
subcomponent that allows a remote attacker to disclose
potentially sensitive information. (CVE-2014-6559)
- An unspecified flaw exists in the MySQL Server component
related to the Server:Compiling subcomponent that allows
an authenticated, remote attacker to cause a denial of
service condition. (CVE-2015-0501)
- An XML external entity (XXE) injection vulnerability
exists in OpenNMS due to the Castor component accepting
XML external entities from exception messages. An
unauthenticated, remote attacker can exploit this, via
specially crafted XML data in a RTC post, to access
local files. (CVE-2015-0975)
- An unspecified flaw exists in the MySQL Server component
related to the Server:Security:Privileges subcomponent
that allows a remote attacker to disclose potentially
sensitive information. (CVE-2015-2620)
- A heap buffer overflow condition exists in QEMU in the
pcnet_transmit() function within file hw/net/pcnet.c
due to improper validation of user-supplied input when
handling multi-TMD packets with a length above 4096
bytes. An unauthenticated, remote attacker can exploit
this, via specially crafted packets, to gain elevated
privileges from guest to host. (CVE-2015-3209)
- Multiple cross-site scripting (XSS), SQL injection, and
command injection vulnerabilities exist in Junos Space
that allow an unauthenticated, remote attacker to
execute arbitrary code. (CVE-2015-7753)");
# https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698&actp=search
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?22595a74");
script_set_attribute(attribute:"solution", value:
"Upgrade to Junos Space version 15.1R1 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2013/07/19");
script_set_attribute(attribute:"patch_publication_date", value:"2015/10/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/23");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:juniper:junos_space");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Junos Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/Junos_Space/version");
exit(0);
}
include("junos.inc");
include("misc_func.inc");
ver = get_kb_item_or_exit('Host/Junos_Space/version');
check_junos_space(ver:ver, fix:'15.1R1', severity:SECURITY_HOLE, xss:TRUE, xsrf:TRUE, sqli:TRUE);
Vendor | Product | Version | CPE |
---|---|---|---|
juniper | junos_space | cpe:/a:juniper:junos_space |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2249
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5908
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6438
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0098
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0429
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0453
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0456
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0460
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1568
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6478
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6491
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6494
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6495
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6496
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6500
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6559
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0501
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0975
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2620
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7753
www.nessus.org/u?22595a74