CVE-2012-5460

Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2013-07/0148.html
http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-03-874&viewMode=view	Vendor Advisory

Advertisement

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:juniper:ive_os:7.2:::::::*
	cpe:2.3:o:juniper:ive_os:7.3:::::::*
	cpe:2.3:o:juniper:ive_os:7.1:::::::*

OR	cpe:2.3:h:juniper:secure_access_2000:-:::::::*
	cpe:2.3:h:juniper:fips_secure_access_4500:-:::::::*
	cpe:2.3:h:juniper:mag2600_gateway:-:::::::*
	cpe:2.3:h:juniper:mag6610_gateway:-:::::::*
	cpe:2.3:h:juniper:secure_access_4500:-:::::::*
	cpe:2.3:h:juniper:secure_access_4000:-:::::::*
	cpe:2.3:h:juniper:secure_access_6500:-:::::::*
	cpe:2.3:h:juniper:secure_access_6000:-:::::::*
	cpe:2.3:h:juniper:secure_access_700:-:::::::*
	cpe:2.3:h:juniper:secure_access_2500:-:::::::*
	cpe:2.3:h:juniper:mag6611_gateway:-:::::::*
	cpe:2.3:h:juniper:fips_secure_access_6000:-:::::::*
	cpe:2.3:h:juniper:fips_secure_access_6500:-:::::::*
	cpe:2.3:a:juniper:secure_access_virtual_appliance:-:::::::*
	cpe:2.3:h:juniper:fips_secure_access_4000:-:::::::*
	cpe:2.3:h:juniper:mag4610_gateway:-:::::::*

Information

Published : 2013-08-01 06:32

Updated : 2013-08-01 06:32

NVD link : CVE-2012-5460

Mitre link : CVE-2012-5460

JSON object : View

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

Products Affected

juniper

fips_secure_access_4500
fips_secure_access_4000
mag6611_gateway
secure_access_4000
secure_access_6500
ive_os
secure_access_2000
secure_access_6000
fips_secure_access_6000
fips_secure_access_6500
secure_access_2500
secure_access_700
secure_access_4500
mag2600_gateway
mag4610_gateway
mag6610_gateway
secure_access_virtual_appliance

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0148.html", "name": "20130722 Juniper Secure Access XSS Vulnerability", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-03-874&viewMode=view", "name": "http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-03-874&viewMode=view", "tags": ["Vendor Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2012-5460", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2013-08-01T13:32Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:juniper:ive_os:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:ive_os:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:ive_os:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:juniper:secure_access_2000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:juniper:fips_secure_access_4500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:juniper:mag2600_gateway:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:juniper:mag6610_gateway:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:juniper:secure_access_4500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:juniper:secure_access_4000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:juniper:secure_access_6500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:juniper:secure_access_6000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:juniper:secure_access_700:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:juniper:secure_access_2500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:juniper:mag6611_gateway:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:juniper:fips_secure_access_6000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:juniper:fips_secure_access_6500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:juniper:secure_access_virtual_appliance:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:juniper:fips_secure_access_4000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:juniper:mag4610_gateway:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2013-08-01T13:32Z"}