cvelistv5 - cve-2013-6956

CVE-2013-6956 (GCVE-0-2013-6956)

Vulnerability from cvelistv5 – Published: 2013-12-13 18:00 – Updated: 2024-08-06 17:53

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://kb.juniper.net/InfoCenter/index?page=cont…	x_refsource_CONFIRM
	http://osvdb.org/100862	vdb-entryx_refsource_OSVDB
	http://www.securitytracker.com/id/1029489	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:53:45.552Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10602"
          },
          {
            "name": "100862",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/100862"
          },
          {
            "name": "1029489",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1029489"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-12-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web rewrite is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-12-31T15:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10602"
        },
        {
          "name": "100862",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/100862"
        },
        {
          "name": "1029489",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1029489"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-6956",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web rewrite is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10602",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10602"
            },
            {
              "name": "100862",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/100862"
            },
            {
              "name": "1029489",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1029489"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-6956",
    "datePublished": "2013-12-13T18:00:00",
    "dateReserved": "2013-12-04T00:00:00",
    "dateUpdated": "2024-08-06T17:53:45.552Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:ive_os:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D4313025-3FC4-42DB-B18E-57EC5C566B74\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:ive_os:7.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8ECD0F7E-715A-4C52-ACF1-EE7A7042B991\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:ive_os:7.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B7F2DEC8-F096-4519-B194-2D1B0FFB8D0D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:ive_os:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"536AF492-C6FF-4C5F-A5DF-DA14DFE8A41F\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web rewrite is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"Cross-site scripting (XSS) en la caracteristica de reescritura en la web del Servicio de Acceso Seguro de Juniper Junos Secure Access Service  (tambi\\u00e9n conocido como SSL VPN) con IVE OS anterior a  7.1r17, 7.3 anterior 7.3r8, 7.4r6 anterior a 7.4y 8.0 anterior a 8.0r1. Cuando la  reescritura web est\\u00e1 habilitada, permite a los usuarios remotos autenticados inyectar secuencias de comandos web o HTML a trav\\u00e9s de vectores no especificados.\"}]",
      "id": "CVE-2013-6956",
      "lastModified": "2024-11-21T02:00:03.083",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:S/C:N/I:P/A:N\", \"baseScore\": 2.1, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2013-12-13T18:07:54.313",
      "references": "[{\"url\": \"http://osvdb.org/100862\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id/1029489\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10602\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://osvdb.org/100862\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1029489\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10602\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2013-6956\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2013-12-13T18:07:54.313\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web rewrite is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Cross-site scripting (XSS) en la caracteristica de reescritura en la web del Servicio de Acceso Seguro de Juniper Junos Secure Access Service  (tambi\u00e9n conocido como SSL VPN) con IVE OS anterior a  7.1r17, 7.3 anterior 7.3r8, 7.4r6 anterior a 7.4y 8.0 anterior a 8.0r1. Cuando la  reescritura web est\u00e1 habilitada, permite a los usuarios remotos autenticados inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:S/C:N/I:P/A:N\",\"baseScore\":2.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:ive_os:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4313025-3FC4-42DB-B18E-57EC5C566B74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:ive_os:7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8ECD0F7E-715A-4C52-ACF1-EE7A7042B991\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:ive_os:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7F2DEC8-F096-4519-B194-2D1B0FFB8D0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:ive_os:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"536AF492-C6FF-4C5F-A5DF-DA14DFE8A41F\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/100862\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id/1029489\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10602\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://osvdb.org/100862\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1029489\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10602\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTA-2013-AVI-674

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Juniper. Elles permettent à un attaquant de provoquer un déni de service à distance et une injection de code indirecte à distance (XSS).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Pulse Secure	N/A	Juniper Junos Pulse Secure Access Service (IVE) versions antérieures à 7.3r8
Pulse Secure	N/A	Juniper Junos Pulse Secure Access Service (IVE) versions antérieures à 7.1r17
Juniper Networks	N/A	Juniper Networks IDP versions 5.1 et antérieures
Pulse Secure	N/A	Juniper Junos Pulse Secure Access Service (IVE) versions antérieures à 8.0r1
N/A	N/A	Juniper ScreenOS versions 6.2 et antérieures
Pulse Secure	N/A	Juniper Junos Pulse Secure Access Service (IVE) versions antérieures à 7.4r6
N/A	N/A	Juniper ScreenOS versions 6.3 et antérieures
N/A	N/A	Juniper ScreenOS versions 5.4 et antérieures

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA0602 du 11 décembre 2013	None	vendor-advisory
Bulletin de sécurité Juniper JSA0603 du 11 décembre 2013	None	vendor-advisory
Bulletin de sécurité Juniper JSA0604 du 11 décembre 2013	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper Junos Pulse Secure Access Service (IVE) versions ant\u00e9rieures \u00e0 7.3r8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Pulse Secure",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos Pulse Secure Access Service (IVE) versions ant\u00e9rieures \u00e0 7.1r17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Pulse Secure",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Networks IDP versions 5.1 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos Pulse Secure Access Service (IVE) versions ant\u00e9rieures \u00e0 8.0r1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Pulse Secure",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper ScreenOS versions 6.2 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos Pulse Secure Access Service (IVE) versions ant\u00e9rieures \u00e0 7.4r6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Pulse Secure",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper ScreenOS versions 6.3 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper ScreenOS versions 5.4 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-6958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6958"
    },
    {
      "name": "CVE-2013-6956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6956"
    },
    {
      "name": "CVE-2013-6957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6957"
    }
  ],
  "links": [],
  "reference": "CERTA-2013-AVI-674",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-12-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eJuniper\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance et une injection de code\nindirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA0602 du 11 d\u00e9cembre 2013",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10602\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA0603 du 11 d\u00e9cembre 2013",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10603\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA0604 du 11 d\u00e9cembre 2013",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10604\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

CERTA-2013-AVI-674

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Pulse Secure	N/A	Juniper Junos Pulse Secure Access Service (IVE) versions antérieures à 7.3r8
Pulse Secure	N/A	Juniper Junos Pulse Secure Access Service (IVE) versions antérieures à 7.1r17
Juniper Networks	N/A	Juniper Networks IDP versions 5.1 et antérieures
Pulse Secure	N/A	Juniper Junos Pulse Secure Access Service (IVE) versions antérieures à 8.0r1
N/A	N/A	Juniper ScreenOS versions 6.2 et antérieures
Pulse Secure	N/A	Juniper Junos Pulse Secure Access Service (IVE) versions antérieures à 7.4r6
N/A	N/A	Juniper ScreenOS versions 6.3 et antérieures
N/A	N/A	Juniper ScreenOS versions 5.4 et antérieures

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA0602 du 11 décembre 2013	None	vendor-advisory
Bulletin de sécurité Juniper JSA0603 du 11 décembre 2013	None	vendor-advisory
Bulletin de sécurité Juniper JSA0604 du 11 décembre 2013	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper Junos Pulse Secure Access Service (IVE) versions ant\u00e9rieures \u00e0 7.3r8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Pulse Secure",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos Pulse Secure Access Service (IVE) versions ant\u00e9rieures \u00e0 7.1r17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Pulse Secure",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Networks IDP versions 5.1 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos Pulse Secure Access Service (IVE) versions ant\u00e9rieures \u00e0 8.0r1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Pulse Secure",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper ScreenOS versions 6.2 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos Pulse Secure Access Service (IVE) versions ant\u00e9rieures \u00e0 7.4r6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Pulse Secure",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper ScreenOS versions 6.3 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper ScreenOS versions 5.4 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-6958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6958"
    },
    {
      "name": "CVE-2013-6956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6956"
    },
    {
      "name": "CVE-2013-6957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6957"
    }
  ],
  "links": [],
  "reference": "CERTA-2013-AVI-674",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-12-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eJuniper\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance et une injection de code\nindirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA0602 du 11 d\u00e9cembre 2013",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10602\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA0603 du 11 d\u00e9cembre 2013",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10603\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA0604 du 11 d\u00e9cembre 2013",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10604\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

FKIE_CVE-2013-6956

Vulnerability from fkie_nvd - Published: 2013-12-13 18:07 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/100862
cve@mitre.org	http://www.securitytracker.com/id/1029489
cve@mitre.org	https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10602	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/100862
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1029489
af854a3a-2127-422b-91ae-364da2661108	https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10602	Vendor Advisory

Impacted products

Vendor	Product	Version
juniper	ive_os	7.1
juniper	ive_os	7.3
juniper	ive_os	7.4
juniper	ive_os	8.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:juniper:ive_os:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4313025-3FC4-42DB-B18E-57EC5C566B74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:ive_os:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ECD0F7E-715A-4C52-ACF1-EE7A7042B991",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:ive_os:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7F2DEC8-F096-4519-B194-2D1B0FFB8D0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:ive_os:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "536AF492-C6FF-4C5F-A5DF-DA14DFE8A41F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web rewrite is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Cross-site scripting (XSS) en la caracteristica de reescritura en la web del Servicio de Acceso Seguro de Juniper Junos Secure Access Service  (tambi\u00e9n conocido como SSL VPN) con IVE OS anterior a  7.1r17, 7.3 anterior 7.3r8, 7.4r6 anterior a 7.4y 8.0 anterior a 8.0r1. Cuando la  reescritura web est\u00e1 habilitada, permite a los usuarios remotos autenticados inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2013-6956",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-12-13T18:07:54.313",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/100862"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1029489"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10602"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/100862"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1029489"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10602"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-22H9-HGHR-3QX7

Vulnerability from github – Published: 2022-05-17 04:55 – Updated: 2022-05-17 04:55

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-6956"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-12-13T18:07:00Z",
    "severity": "LOW"
  },
  "details": "Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web rewrite is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.",
  "id": "GHSA-22h9-hghr-3qx7",
  "modified": "2022-05-17T04:55:08Z",
  "published": "2022-05-17T04:55:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6956"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10602"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/100862"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1029489"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2013-6956

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2013-6956

Aliases

CVE-2013-6956

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-6956",
    "description": "Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web rewrite is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.",
    "id": "GSD-2013-6956"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-6956"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web rewrite is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.",
      "id": "GSD-2013-6956",
      "modified": "2023-12-13T01:22:19.035966Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2013-6956",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web rewrite is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10602",
            "refsource": "CONFIRM",
            "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10602"
          },
          {
            "name": "100862",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/100862"
          },
          {
            "name": "1029489",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1029489"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:juniper:ive_os:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:ive_os:7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:ive_os:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:ive_os:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-6956"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web rewrite is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10602",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10602"
            },
            {
              "name": "100862",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/100862"
            },
            {
              "name": "1029489",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1029489"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2014-01-04T04:51Z",
      "publishedDate": "2013-12-13T18:07Z"
    }
  }
}

VAR-201312-0245

Vulnerability from variot - Updated: 2023-12-18 13:57

Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web rewrite is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Juniper Networks Secure Access is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Juniper Networks Junos Pulse Secure Access Service (SSL VPN) is a simple, intuitive client from Juniper Networks. The client supports remote and mobile users to access enterprise resources with various web devices. A remote attacker could exploit this vulnerability by creating a specially crafted request to inject arbitrary web script or HTML

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201312-0245",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ive os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "7.4"
      },
      {
        "model": "ive os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "7.3"
      },
      {
        "model": "ive os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "7.1"
      },
      {
        "model": "ive os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "8.0"
      },
      {
        "model": "ive os",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "7.3"
      },
      {
        "model": "ive os",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "8.0r1"
      },
      {
        "model": "ive os",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "7.3r8"
      },
      {
        "model": "ive os",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "7.4r6"
      },
      {
        "model": "ive os",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "7.4"
      },
      {
        "model": "ive os",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "8.0"
      },
      {
        "model": "networks secure access",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "65000"
      },
      {
        "model": "networks secure access",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "45000"
      },
      {
        "model": "networks sa700 ssl vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "networks sa6500 ssl vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "networks sa6500 fips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "networks sa6000 ssl vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "networks sa6000 fips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "networks sa4500 ssl vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "networks sa4000 ssl vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "networks sa2500 ssl vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "networks sa2000 ssl vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "networks networks secure access",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "600050000"
      },
      {
        "model": "networks networks secure access",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "400030000"
      },
      {
        "model": "networks networks secure access",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "20000"
      },
      {
        "model": "networks ive os 7.1r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "64261"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005521"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6956"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-306"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:juniper:ive_os:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:ive_os:7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:ive_os:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:ive_os:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-6956"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "64261"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2013-6956",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "High",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 2.1,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2013-6956",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "VHN-66958",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:N/AC:H/AU:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-6956",
            "trust": 1.8,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201312-306",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-66958",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66958"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005521"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6956"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-306"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web rewrite is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Juniper Networks Secure Access is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Juniper Networks Junos Pulse Secure Access Service (SSL VPN) is a simple, intuitive client from Juniper Networks. The client supports remote and mobile users to access enterprise resources with various web devices. A remote attacker could exploit this vulnerability by creating a specially crafted request to inject arbitrary web script or HTML",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-6956"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005521"
      },
      {
        "db": "BID",
        "id": "64261"
      },
      {
        "db": "VULHUB",
        "id": "VHN-66958"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-6956",
        "trust": 2.8
      },
      {
        "db": "OSVDB",
        "id": "100862",
        "trust": 2.5
      },
      {
        "db": "JUNIPER",
        "id": "JSA10602",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1029489",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005521",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-306",
        "trust": 0.7
      },
      {
        "db": "SECUNIA",
        "id": "56083",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "64261",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-66958",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66958"
      },
      {
        "db": "BID",
        "id": "64261"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005521"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6956"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-306"
      }
    ]
  },
  "id": "VAR-201312-0245",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66958"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:57:46.090000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "JSA10602",
        "trust": 0.8,
        "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10602"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005521"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66958"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005521"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6956"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://osvdb.org/100862"
      },
      {
        "trust": 1.9,
        "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10602"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1029489"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6956"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6956"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/56083"
      },
      {
        "trust": 0.3,
        "url": "http://www.juniper.net/"
      },
      {
        "trust": 0.1,
        "url": "https://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10602"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66958"
      },
      {
        "db": "BID",
        "id": "64261"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005521"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6956"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-306"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-66958"
      },
      {
        "db": "BID",
        "id": "64261"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005521"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6956"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-306"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-12-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-66958"
      },
      {
        "date": "2013-12-12T00:00:00",
        "db": "BID",
        "id": "64261"
      },
      {
        "date": "2013-12-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-005521"
      },
      {
        "date": "2013-12-13T18:07:54.313000",
        "db": "NVD",
        "id": "CVE-2013-6956"
      },
      {
        "date": "2013-12-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201312-306"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-01-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-66958"
      },
      {
        "date": "2013-12-12T00:00:00",
        "db": "BID",
        "id": "64261"
      },
      {
        "date": "2013-12-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-005521"
      },
      {
        "date": "2014-01-04T04:51:00.100000",
        "db": "NVD",
        "id": "CVE-2013-6956"
      },
      {
        "date": "2013-12-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201312-306"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-306"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IVE OS of  Juniper Junos Pulse Secure Access Service Vulnerable to cross-site scripting",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005521"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-306"
      }
    ],
    "trust": 0.6
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2013-6956 (GCVE-0-2013-6956)

CERTA-2013-AVI-674

Solution

CERTA-2013-AVI-674

Solution

FKIE_CVE-2013-6956

GHSA-22H9-HGHR-3QX7

GSD-2013-6956

VAR-201312-0245

Tags

Sightings

Nomenclature