Detections
Analytics
Junos Pulse Secure Access Service (SSL VPN) Multiple XSS (JSA10554)
medium Nessus Plugin ID 69241
Language:
Synopsis
The remote device is missing a vendor-supplied security patch.Description
According to its self-reported version, the version of IVE OS running on the remote host has the following cross-site scripting vulnerabilities :- An unspecified cross-site scripting issue exists related to login pages.
- A cross-site scripting vulnerability exists in the WWHSearchWordsText parameter of the help page.
An attacker could exploit either of these issues by tricking a user into requesting a malicious URL, resulting in arbitrary script code execution.
Solution
Upgrade to Juniper IVE OS version 7.1r13 / 7.2r7 / 7.3r2 or later.See Also
http://seclists.org/bugtraq/2013/Jul/147
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10554
Plugin Details
Severity: Medium
ID: 69241
File Name: junos_pulse_sa_jsa10554.nasl
Version: 1.9
Type: local
Family: Misc.
Published: 8/7/2013
Updated: 8/22/2018
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.0
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.2
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
Vulnerability Information
CPE: cpe:/o:juniper:ive_os, cpe:/a:juniper:junos_pulse_secure_access_service
Required KB Items: Host/Juniper/IVE OS/Version
Exploit Ease: No known exploits are available
Patch Publication Date: 12/12/2012
Vulnerability Publication Date: 3/6/2013
Reference Information
CVE: CVE-2012-5460
BID: 61399