Search...

Juniper Secure Access crossite scripting

2013-07-29T00:00:00

ID SECURITYVULNS:VULN:13221
Type securityvulns
Reporter BUGTRAQ
Modified 2013-07-29T00:00:00

Description

Crossite scripting in SSLVPN.

JSON Vulners Source

Initial Source

{"id": "SECURITYVULNS:VULN:13221", "bulletinFamily": "software", "title": "Juniper Secure Access crossite scripting", "description": "Crossite scripting in SSLVPN.", "published": "2013-07-29T00:00:00", "modified": "2013-07-29T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13221", "reporter": "BUGTRAQ", "references": ["https://vulners.com/securityvulns/securityvulns:doc:29661"], "cvelist": ["CVE-2012-5460"], "type": "securityvulns", "lastseen": "2018-08-31T11:09:52", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "1b0a155de4506486e6fb6b43dcd08ce1"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "0a8b5f30ff4dd3c567872e9487601294"}, {"key": "cvss", "hash": "6e9bdd2021503689a2ad9254c9cdf2b3"}, {"key": "description", "hash": "82da5aa708a849e178d5a8cc349811e6"}, {"key": "href", "hash": "a11df449166b9bf4f8db879bfe14b3da"}, {"key": "modified", "hash": "3edf226566cb69ee167d456e43b0d2bf"}, {"key": "published", "hash": "3edf226566cb69ee167d456e43b0d2bf"}, {"key": "references", "hash": "abc2ccfb6ec25d55291229a782950bd8"}, {"key": "reporter", "hash": "2c5cca82a8670da097919f6160833daf"}, {"key": "title", "hash": "9181c5e1f38717cf94ff7dcb21191412"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "9466a2b89891e4b8161cface27bd5c4867d8617663f32b4bc748b5b371be5585", "viewCount": 3, "enchantments": {"score": {"value": 4.3, "vector": "NONE", "modified": "2018-08-31T11:09:52"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-5460"]}, {"type": "nessus", "idList": ["JUNOS_PULSE_SA_JSA10554.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:29661"]}], "modified": "2018-08-31T11:09:52"}, "vulnersScore": 4.3}, "objectVersion": "1.3", "affectedSoftware": [{"name": "Juniper Secure Access", "operator": "eq", "version": "7.3"}]}

{"cve": [{"lastseen": "2016-09-03T17:15:29", "bulletinFamily": "NVD", "description": "Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter.", "modified": "2013-08-01T00:00:00", "published": "2013-08-01T09:32:35", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5460", "id": "CVE-2012-5460", "title": "CVE-2012-5460", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2019-02-21T01:19:51", "bulletinFamily": "scanner", "description": "According to its self-reported version, the version of IVE OS running on the remote host has the following cross-site scripting vulnerabilities :\n\n - An unspecified cross-site scripting issue exists related to login pages.\n\n - A cross-site scripting vulnerability exists in the WWHSearchWordsText parameter of the help page.\n\nAn attacker could exploit either of these issues by tricking a user into requesting a malicious URL, resulting in arbitrary script code execution.", "modified": "2018-08-22T00:00:00", "id": "JUNOS_PULSE_SA_JSA10554.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=69241", "published": "2013-08-07T00:00:00", "title": "Junos Pulse Secure Access Service (SSL VPN) Multiple XSS (JSA10554)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69241);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/08/22 16:49:14\");\n\n script_cve_id(\"CVE-2012-5460\");\n script_bugtraq_id(61399);\n\n script_name(english:\"Junos Pulse Secure Access Service (SSL VPN) Multiple XSS (JSA10554)\");\n script_summary(english:\"Checks OS version\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"According to its self-reported version, the version of IVE OS running\non the remote host has the following cross-site scripting\nvulnerabilities :\n\n - An unspecified cross-site scripting issue exists related\n to login pages.\n\n - A cross-site scripting vulnerability exists in the\n WWHSearchWordsText parameter of the help page.\n\nAn attacker could exploit either of these issues by tricking a user into\nrequesting a malicious URL, resulting in arbitrary script code\nexecution.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/bugtraq/2013/Jul/147\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10554\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Juniper IVE OS version 7.1r13 / 7.2r7 / 7.3r2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/03/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/12/12\"); # bugtraq mailing list\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/08/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:juniper:ive_os\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:juniper:junos_pulse_secure_access_service\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Juniper/IVE OS/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit('Host/Juniper/IVE OS/Version');\nmatch = eregmatch(string:version, pattern:\"^([\\d.]+)[Rr](\\d+)\");\nif (isnull(match)) exit(1, 'Error parsing version: ' + version);\n\nrelease = match[1];\nbuild = int(match[2]);\n\nif (release == '7.1' && build < 13)\n fix = '7.1r13';\nelse if (release == '7.2' && build < 7)\n fix = '7.2r7';\nelse if (release == '7.3' && build < 2)\n fix = '7.3r2';\nelse\n audit(AUDIT_INST_VER_NOT_VULN, 'IVE OS', version);\n\nset_kb_item(name:'www/0/XSS', value:TRUE);\n\nif (report_verbosity > 0)\n{\n report =\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix + '\\n';\n security_warning(port:0, extra:report);\n}\nelse security_warning(0);\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:48", "bulletinFamily": "software", "description": "\r\n\r\n-------------------------------------------------------------------------------\r\n\r\n\r\n| Juniper Secure Access XSS Vulnerability|\r\n\r\n\r\n--------------------------------------------------------------------------------\r\n\r\n\r\nSummary\r\n===============\r\n\r\nJuniper Secure Access software has reflected XSS vulnerability\r\n\r\nCVE number: CVE-2012-5460\r\nPSN-2013-03-874\r\nImpact: Low\r\n\r\nVendor homepage:\r\nhttp://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-03-874&viewMode=view\r\n\r\nVendor notified: 06/06/2012\r\n\r\nVendor fixed: 12/12/2012\r\n\r\nAffected Products\r\n=================\r\nJuniper SA (IVE OS) to versions prior to 7.1r13, 7.2r7, 7.3r2 .\r\n\r\n\r\nDetails\r\n==================\r\nIn order to exploit this vulnerability , the client should\r\nauthenticate to SSLVPN service.The vulnerable parameter exists on help\r\npage of IVE user web interface.\r\n\r\nEffected parameter: WWHSearchWordsText\r\n\r\nImpact\r\n==================\r\nExecution of arbitrary script code in a user's browser during an\r\nauthenticated session.\r\n\r\n\r\nSolution\r\n==================\r\nUpgrade to 7.1r13, 7.2r7, 7.3r2, or higher.\r\n\r\nTwitter @pazwant\r\n", "modified": "2013-07-29T00:00:00", "published": "2013-07-29T00:00:00", "id": "SECURITYVULNS:DOC:29661", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29661", "title": "Juniper Secure Access XSS Vulnerability", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}