cvelistv5 - cve-2013-6957

CVE-2013-6957 (GCVE-0-2013-6957)

Vulnerability from cvelistv5 – Published: 2013-12-13 18:00 – Updated: 2024-08-06 17:53

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://kb.juniper.net/InfoCenter/index?page=cont…	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1029491	vdb-entryx_refsource_SECTRACK
	http://osvdb.org/100860	vdb-entryx_refsource_OSVDB

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:53:45.385Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10603"
          },
          {
            "name": "1029491",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1029491"
          },
          {
            "name": "100860",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/100860"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-12-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the web administrative component in Juniper IDP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the ACM web server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-12-31T15:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10603"
        },
        {
          "name": "1029491",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1029491"
        },
        {
          "name": "100860",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/100860"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-6957",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the web administrative component in Juniper IDP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the ACM web server."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10603",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10603"
            },
            {
              "name": "1029491",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1029491"
            },
            {
              "name": "100860",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/100860"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-6957",
    "datePublished": "2013-12-13T18:00:00",
    "dateReserved": "2013-12-04T00:00:00",
    "dateUpdated": "2024-08-06T17:53:45.385Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:juniper:idp250:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"60A5EAF5-4E2C-4A5C-A4B8-6370490136AC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:juniper:idp75:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0DD39F3D-8DD7-48DA-A8C2-543B8B05E50F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:juniper:idp800:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"567C7544-3C8B-468B-A2A1-0750B4623EA1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:juniper:idp8200:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1AC3940A-9974-48AC-BEA6-66F1DC8D91DA\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-site scripting (XSS) vulnerability in the web administrative component in Juniper IDP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the ACM web server.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad CSRF (cross-site request forgery) en el componente administrativo web de Juniper IDP permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\\u00e9s de vectores no especificados en el servidor web de ACM.\"}]",
      "id": "CVE-2013-6957",
      "lastModified": "2024-11-21T02:00:03.237",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2013-12-13T18:07:54.373",
      "references": "[{\"url\": \"http://osvdb.org/100860\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id/1029491\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10603\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://osvdb.org/100860\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1029491\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10603\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2013-6957\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2013-12-13T18:07:54.373\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in the web administrative component in Juniper IDP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the ACM web server.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad CSRF (cross-site request forgery) en el componente administrativo web de Juniper IDP permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados en el servidor web de ACM.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:juniper:idp250:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60A5EAF5-4E2C-4A5C-A4B8-6370490136AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:juniper:idp75:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0DD39F3D-8DD7-48DA-A8C2-543B8B05E50F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:juniper:idp800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"567C7544-3C8B-468B-A2A1-0750B4623EA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:juniper:idp8200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1AC3940A-9974-48AC-BEA6-66F1DC8D91DA\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/100860\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id/1029491\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10603\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://osvdb.org/100860\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1029491\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10603\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTA-2013-AVI-674

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Juniper. Elles permettent à un attaquant de provoquer un déni de service à distance et une injection de code indirecte à distance (XSS).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Pulse Secure	N/A	Juniper Junos Pulse Secure Access Service (IVE) versions antérieures à 7.3r8
Pulse Secure	N/A	Juniper Junos Pulse Secure Access Service (IVE) versions antérieures à 7.1r17
Juniper Networks	N/A	Juniper Networks IDP versions 5.1 et antérieures
Pulse Secure	N/A	Juniper Junos Pulse Secure Access Service (IVE) versions antérieures à 8.0r1
N/A	N/A	Juniper ScreenOS versions 6.2 et antérieures
Pulse Secure	N/A	Juniper Junos Pulse Secure Access Service (IVE) versions antérieures à 7.4r6
N/A	N/A	Juniper ScreenOS versions 6.3 et antérieures
N/A	N/A	Juniper ScreenOS versions 5.4 et antérieures

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA0602 du 11 décembre 2013	None	vendor-advisory
Bulletin de sécurité Juniper JSA0603 du 11 décembre 2013	None	vendor-advisory
Bulletin de sécurité Juniper JSA0604 du 11 décembre 2013	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper Junos Pulse Secure Access Service (IVE) versions ant\u00e9rieures \u00e0 7.3r8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Pulse Secure",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos Pulse Secure Access Service (IVE) versions ant\u00e9rieures \u00e0 7.1r17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Pulse Secure",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Networks IDP versions 5.1 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos Pulse Secure Access Service (IVE) versions ant\u00e9rieures \u00e0 8.0r1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Pulse Secure",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper ScreenOS versions 6.2 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos Pulse Secure Access Service (IVE) versions ant\u00e9rieures \u00e0 7.4r6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Pulse Secure",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper ScreenOS versions 6.3 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper ScreenOS versions 5.4 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-6958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6958"
    },
    {
      "name": "CVE-2013-6956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6956"
    },
    {
      "name": "CVE-2013-6957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6957"
    }
  ],
  "links": [],
  "reference": "CERTA-2013-AVI-674",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-12-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eJuniper\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance et une injection de code\nindirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA0602 du 11 d\u00e9cembre 2013",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10602\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA0603 du 11 d\u00e9cembre 2013",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10603\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA0604 du 11 d\u00e9cembre 2013",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10604\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

CERTA-2013-AVI-674

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Pulse Secure	N/A	Juniper Junos Pulse Secure Access Service (IVE) versions antérieures à 7.3r8
Pulse Secure	N/A	Juniper Junos Pulse Secure Access Service (IVE) versions antérieures à 7.1r17
Juniper Networks	N/A	Juniper Networks IDP versions 5.1 et antérieures
Pulse Secure	N/A	Juniper Junos Pulse Secure Access Service (IVE) versions antérieures à 8.0r1
N/A	N/A	Juniper ScreenOS versions 6.2 et antérieures
Pulse Secure	N/A	Juniper Junos Pulse Secure Access Service (IVE) versions antérieures à 7.4r6
N/A	N/A	Juniper ScreenOS versions 6.3 et antérieures
N/A	N/A	Juniper ScreenOS versions 5.4 et antérieures

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA0602 du 11 décembre 2013	None	vendor-advisory
Bulletin de sécurité Juniper JSA0603 du 11 décembre 2013	None	vendor-advisory
Bulletin de sécurité Juniper JSA0604 du 11 décembre 2013	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper Junos Pulse Secure Access Service (IVE) versions ant\u00e9rieures \u00e0 7.3r8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Pulse Secure",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos Pulse Secure Access Service (IVE) versions ant\u00e9rieures \u00e0 7.1r17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Pulse Secure",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Networks IDP versions 5.1 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos Pulse Secure Access Service (IVE) versions ant\u00e9rieures \u00e0 8.0r1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Pulse Secure",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper ScreenOS versions 6.2 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos Pulse Secure Access Service (IVE) versions ant\u00e9rieures \u00e0 7.4r6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Pulse Secure",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper ScreenOS versions 6.3 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper ScreenOS versions 5.4 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-6958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6958"
    },
    {
      "name": "CVE-2013-6956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6956"
    },
    {
      "name": "CVE-2013-6957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6957"
    }
  ],
  "links": [],
  "reference": "CERTA-2013-AVI-674",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-12-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eJuniper\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance et une injection de code\nindirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA0602 du 11 d\u00e9cembre 2013",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10602\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA0603 du 11 d\u00e9cembre 2013",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10603\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA0604 du 11 d\u00e9cembre 2013",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10604\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

FKIE_CVE-2013-6957

Vulnerability from fkie_nvd - Published: 2013-12-13 18:07 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/100860
cve@mitre.org	http://www.securitytracker.com/id/1029491
cve@mitre.org	https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10603	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/100860
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1029491
af854a3a-2127-422b-91ae-364da2661108	https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10603	Vendor Advisory

Impacted products

Vendor	Product	Version
juniper	idp250	-
juniper	idp75	-
juniper	idp800	-
juniper	idp8200	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:juniper:idp250:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "60A5EAF5-4E2C-4A5C-A4B8-6370490136AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:juniper:idp75:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DD39F3D-8DD7-48DA-A8C2-543B8B05E50F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:juniper:idp800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "567C7544-3C8B-468B-A2A1-0750B4623EA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:juniper:idp8200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AC3940A-9974-48AC-BEA6-66F1DC8D91DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the web administrative component in Juniper IDP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the ACM web server."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad CSRF (cross-site request forgery) en el componente administrativo web de Juniper IDP permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados en el servidor web de ACM."
    }
  ],
  "id": "CVE-2013-6957",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-12-13T18:07:54.373",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/100860"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1029491"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10603"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/100860"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1029491"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10603"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2013-6957

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2013-6957

Aliases

CVE-2013-6957

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-6957",
    "description": "Cross-site scripting (XSS) vulnerability in the web administrative component in Juniper IDP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the ACM web server.",
    "id": "GSD-2013-6957"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-6957"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in the web administrative component in Juniper IDP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the ACM web server.",
      "id": "GSD-2013-6957",
      "modified": "2023-12-13T01:22:19.320528Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2013-6957",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in the web administrative component in Juniper IDP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the ACM web server."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10603",
            "refsource": "CONFIRM",
            "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10603"
          },
          {
            "name": "1029491",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1029491"
          },
          {
            "name": "100860",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/100860"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:juniper:idp75:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:juniper:idp250:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:juniper:idp800:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:juniper:idp8200:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-6957"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the web administrative component in Juniper IDP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the ACM web server."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "100860",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/100860"
            },
            {
              "name": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10603",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10603"
            },
            {
              "name": "1029491",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1029491"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2014-01-04T04:51Z",
      "publishedDate": "2013-12-13T18:07Z"
    }
  }
}

GHSA-QWRV-5G2G-45GV

Vulnerability from github – Published: 2022-05-17 04:55 – Updated: 2022-05-17 04:55

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-6957"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-12-13T18:07:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in the web administrative component in Juniper IDP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the ACM web server.",
  "id": "GHSA-qwrv-5g2g-45gv",
  "modified": "2022-05-17T04:55:07Z",
  "published": "2022-05-17T04:55:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6957"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10603"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/100860"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1029491"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-201312-0246

Vulnerability from variot - Updated: 2023-12-18 13:14

Cross-site scripting (XSS) vulnerability in the web administrative component in Juniper IDP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the ACM web server. Juniper Networks IDP Series are prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Juniper IDP is the IDP series intrusion detection and prevention equipment of Juniper Networks (Juniper Networks). The appliances use stateful detection and prevention technology to provide zero-day protection against worms, Trojan horses, spyware, keyloggers and other malware

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201312-0246",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "idp250",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "idp800",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "idp75",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "idp8200",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "idp250",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "idp75",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "idp800",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "idp8200",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks idp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "64263"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005522"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6957"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-307"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:juniper:idp75:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:juniper:idp250:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:juniper:idp800:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:juniper:idp8200:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-6957"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "64263"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2013-6957",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2013-6957",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-66959",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-6957",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201312-307",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-66959",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66959"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005522"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6957"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-307"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in the web administrative component in Juniper IDP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the ACM web server. Juniper Networks IDP Series are prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Juniper IDP is the IDP series intrusion detection and prevention equipment of Juniper Networks (Juniper Networks). The appliances use stateful detection and prevention technology to provide zero-day protection against worms, Trojan horses, spyware, keyloggers and other malware",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-6957"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005522"
      },
      {
        "db": "BID",
        "id": "64263"
      },
      {
        "db": "VULHUB",
        "id": "VHN-66959"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-6957",
        "trust": 2.8
      },
      {
        "db": "OSVDB",
        "id": "100860",
        "trust": 2.5
      },
      {
        "db": "JUNIPER",
        "id": "JSA10603",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1029491",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005522",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-307",
        "trust": 0.7
      },
      {
        "db": "SECUNIA",
        "id": "56087",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "64263",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-66959",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66959"
      },
      {
        "db": "BID",
        "id": "64263"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005522"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6957"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-307"
      }
    ]
  },
  "id": "VAR-201312-0246",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66959"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:14:54.116000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "JSA10603",
        "trust": 0.8,
        "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10603"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005522"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66959"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005522"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6957"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://osvdb.org/100860"
      },
      {
        "trust": 1.9,
        "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10603"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1029491"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6957"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6957"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/56087"
      },
      {
        "trust": 0.3,
        "url": "http://www.juniper.net/us/en/products-services/security/idp-series/"
      },
      {
        "trust": 0.3,
        "url": "http://www.juniper.net/"
      },
      {
        "trust": 0.1,
        "url": "https://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10603"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66959"
      },
      {
        "db": "BID",
        "id": "64263"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005522"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6957"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-307"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-66959"
      },
      {
        "db": "BID",
        "id": "64263"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005522"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6957"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-307"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-12-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-66959"
      },
      {
        "date": "2013-12-12T00:00:00",
        "db": "BID",
        "id": "64263"
      },
      {
        "date": "2013-12-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-005522"
      },
      {
        "date": "2013-12-13T18:07:54.373000",
        "db": "NVD",
        "id": "CVE-2013-6957"
      },
      {
        "date": "2013-12-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201312-307"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-01-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-66959"
      },
      {
        "date": "2013-12-12T00:00:00",
        "db": "BID",
        "id": "64263"
      },
      {
        "date": "2013-12-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-005522"
      },
      {
        "date": "2014-01-04T04:51:00.193000",
        "db": "NVD",
        "id": "CVE-2013-6957"
      },
      {
        "date": "2013-12-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201312-307"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-307"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Juniper IDP of  Web Cross-site scripting vulnerability in management component",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005522"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-307"
      }
    ],
    "trust": 0.6
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2013-6957 (GCVE-0-2013-6957)

CERTA-2013-AVI-674

Solution

CERTA-2013-AVI-674

Solution

FKIE_CVE-2013-6957

GSD-2013-6957

GHSA-QWRV-5G2G-45GV

VAR-201312-0246

Tags

Sightings

Nomenclature