Details of VAR-201006-0426

ID

VAR-201006-0426

CVE

CVE-2010-2288

TITLE

Juniper Networks IVE of dana/nc/ncrun.cgi Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2010-004876

DESCRIPTION

Cross-site scripting (XSS) vulnerability in dana/nc/ncrun.cgi in Juniper Networks IVE 6.5R1 (Build 14599) and 6.5R2 (Build 14951) allows remote attackers to inject arbitrary web script or HTML via the DSSignInURL cookie. Secure Access is prone to a cross-site scripting vulnerability

Trust: 1.98

sources: NVD: CVE-2010-2288 // JVNDB: JVNDB-2010-004876 // BID: 73547 // VULHUB: VHN-44893

AFFECTED PRODUCTS

vendor:	juniper	model:	secure access	scope:	eq	version:	6.5	Trust: 1.6
vendor:	juniper	model:	secure access	scope:	eq	version:	6.5r1 (build 14599) and 6.5r2 (build 14951)	Trust: 0.8
vendor:	juniper	model:	secure access r2.0	scope:	eq	version:	6.5	Trust: 0.3
vendor:	juniper	model:	secure access r1.0	scope:	eq	version:	6.5	Trust: 0.3

sources: BID: 73547 // JVNDB: JVNDB-2010-004876 // CNNVD: CNNVD-201006-248 // NVD: CVE-2010-2288

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-2288
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2010-2288
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201006-248
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-44893
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2010-2288
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-44893
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-44893 // JVNDB: JVNDB-2010-004876 // CNNVD: CNNVD-201006-248 // NVD: CVE-2010-2288

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-44893 // JVNDB: JVNDB-2010-004876 // NVD: CVE-2010-2288

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201006-248

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201006-248

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-004876

PATCH

title:

Top Page

url:

http://www.juniper.net/us/en/

Trust: 0.8

sources: JVNDB: JVNDB-2010-004876

EXTERNAL IDS

db:	NVD	id:	CVE-2010-2288	Trust: 2.8
db:	SECTRACK	id:	1024090	Trust: 2.0
db:	OSVDB	id:	65288	Trust: 1.7
db:	JVNDB	id:	JVNDB-2010-004876	Trust: 0.8
db:	CNNVD	id:	CNNVD-201006-248	Trust: 0.7
db:	BUGTRAQ	id:	20100610 PR09-17: JUNIPER SECURE ACCESS SERIERS (JUNIPER IVE) AUTHENTICATED XSS & REDIRECTION	Trust: 0.6
db:	BID	id:	73547	Trust: 0.4
db:	VULHUB	id:	VHN-44893	Trust: 0.1

sources: VULHUB: VHN-44893 // BID: 73547 // JVNDB: JVNDB-2010-004876 // CNNVD: CNNVD-201006-248 // NVD: CVE-2010-2288

REFERENCES

url:	http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-17	Trust: 2.0
url:	http://www.securitytracker.com/id?1024090	Trust: 2.0
url:	http://www.juniper.net/alerts/viewalert.jsp?actionbtn=search&txtalertnumber=psn-2010-05-751&viewmode=view	Trust: 1.9
url:	http://osvdb.org/65288	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/511775/100/0/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/archive/1/511775/100/0/threaded	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2288	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2288	Trust: 0.8
url:	http://www.juniper.net/alerts/viewalert.jsp?actionbtn=search&txtalertnumber=psn-2010-05-751&viewmode=view	Trust: 0.1

sources: VULHUB: VHN-44893 // BID: 73547 // JVNDB: JVNDB-2010-004876 // CNNVD: CNNVD-201006-248 // NVD: CVE-2010-2288

CREDITS

Unknown

Trust: 0.3

sources: BID: 73547

SOURCES

db:	VULHUB	id:	VHN-44893
db:	BID	id:	73547
db:	JVNDB	id:	JVNDB-2010-004876
db:	CNNVD	id:	CNNVD-201006-248
db:	NVD	id:	CVE-2010-2288

LAST UPDATE DATE

2025-04-11T23:05:58.152000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-44893	date:	2018-10-10T00:00:00
db:	BID	id:	73547	date:	2010-06-15T00:00:00
db:	JVNDB	id:	JVNDB-2010-004876	date:	2012-09-25T00:00:00
db:	CNNVD	id:	CNNVD-201006-248	date:	2010-06-18T00:00:00
db:	NVD	id:	CVE-2010-2288	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-44893	date:	2010-06-15T00:00:00
db:	BID	id:	73547	date:	2010-06-15T00:00:00
db:	JVNDB	id:	JVNDB-2010-004876	date:	2012-09-25T00:00:00
db:	CNNVD	id:	CNNVD-201006-248	date:	2010-06-18T00:00:00
db:	NVD	id:	CVE-2010-2288	date:	2010-06-15T14:04:26.593