PT-2013-6197 · Juniper Networks · Junos Pulse Secure Access Service

Publicado

2013-12-13

·

Atualizado

2014-01-04

·

CVE-2013-6956

CVSS v2.0

2.1

Baixa

VetorAV:N/AC:H/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions Junos Pulse Secure Access Service versions prior to 7.1r17 Junos Pulse Secure Access Service versions 7.3 prior to 7.3r8 Junos Pulse Secure Access Service versions 7.4 prior to 7.4r6 Junos Pulse Secure Access Service versions 8.0 prior to 8.0r1
Description A cross-site scripting (XSS) issue exists in the Secure Access Service Web rewriting feature of Junos Pulse Secure Access Service, allowing remote authenticated users to inject arbitrary web script or HTML via unspecified vectors when web rewrite is enabled.
Recommendations For versions prior to 7.1r17, update to version 7.1r17 or later. For versions 7.3 prior to 7.3r8, update to version 7.3r8 or later. For versions 7.4 prior to 7.4r6, update to version 7.4r6 or later. For versions 8.0 prior to 8.0r1, update to version 8.0r1 or later.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2013-6956

Produtos afetados

Junos Pulse Secure Access Service