Lucene search

[email protected]CVE-2012-1038

HistoryApr 03, 2013 - 12:55 a.m.

CVE-2012-1038

2013-04-0300:55:01

CWE-79

[email protected]

web.nvd.nist.gov

cve-2012-1038

cross-site scripting

xss

vulnerability

juniper networks

mobility system software

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

65.0%

JSON

Cross-site scripting (XSS) vulnerability in the WebAAA login functionality (wba_login.html) in Juniper Networks Mobility System Software (MSS) 7.6.x before 7.6.3, 7.7.x before 7.7.1, 7.5.x before 7.5.3, and other unspecified versions before 7.4 and 7.3 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter name.

Affected configurations

NVD

Node

junipernetworks_mobility_system_softwareMatch7.3

junipernetworks_mobility_system_softwareMatch7.4

junipernetworks_mobility_system_softwareMatch7.5

junipernetworks_mobility_system_softwareMatch7.5.1.6

junipernetworks_mobility_system_softwareMatch7.6

junipernetworks_mobility_system_softwareMatch7.7

CPENameOperatorVersion
juniper:networks_mobility_system_softwarejuniper networks mobility system softwareeq7.3
juniper:networks_mobility_system_softwarejuniper networks mobility system softwareeq7.4
juniper:networks_mobility_system_softwarejuniper networks mobility system softwareeq7.5
juniper:networks_mobility_system_softwarejuniper networks mobility system softwareeq7.5.1.6
juniper:networks_mobility_system_softwarejuniper networks mobility system softwareeq7.6
juniper:networks_mobility_system_softwarejuniper networks mobility system softwareeq7.7

CPE	Name	Operator	Version
juniper:networks_mobility_system_software	juniper networks mobility system software	eq	7.3
juniper:networks_mobility_system_software	juniper networks mobility system software	eq	7.4
juniper:networks_mobility_system_software	juniper networks mobility system software	eq	7.5
juniper:networks_mobility_system_software	juniper networks mobility system software	eq	7.5.1.6
juniper:networks_mobility_system_software	juniper networks mobility system software	eq	7.6
juniper:networks_mobility_system_software	juniper networks mobility system software	eq	7.7

References

www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2012-06-611&viewMode=view

www.secureworks.com/advisories/swrx-2012-004/SWRX-2012-004.pdf

www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2012-004/

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

65.0%

JSON

Related for CVE-2012-1038

prion1 cvelist1 nvd1 nessus4