Details of VAR-201207-0123

ID

VAR-201207-0123

CVE

CVE-2012-4043

TITLE

plural Palo Alto Networks Product Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2012-003417

DESCRIPTION

Cross-site scripting (XSS) vulnerability in global-protect/login.esp in Palo Alto Networks Global Protect Portal, Global Protect Gateway, and SSL VPN portals 3.1.x through 3.1.11 and 4.0.x through 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the inputStr parameter in a Login action. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks

Trust: 1.98

sources: NVD: CVE-2012-4043 // JVNDB: JVNDB-2012-003417 // BID: 54607 // VULHUB: VHN-57324

AFFECTED PRODUCTS

vendor:	palo alto	model:	global protected gateway	scope:	eq	version:	4.0	Trust: 1.6
vendor:	palo alto	model:	networks	scope:	eq	version:	global_protect_portal	Trust: 1.6
vendor:	palo alto	model:	ssl vpn	scope:	eq	version:	4.0	Trust: 1.6
vendor:	palo alto	model:	global protected gateway	scope:	eq	version:	4.0.5	Trust: 1.6
vendor:	palo alto	model:	global protected gateway	scope:	eq	version:	3.1	Trust: 1.6
vendor:	palo alto	model:	global protected gateway	scope:	eq	version:	3.1.11	Trust: 1.6
vendor:	palo alto	model:	ssl vpn	scope:	eq	version:	3.1.11	Trust: 1.6
vendor:	palo alto	model:	ssl vpn	scope:	eq	version:	4.0.5	Trust: 1.6
vendor:	palo alto	model:	ssl vpn	scope:	eq	version:	3.1	Trust: 1.6
vendor:	palo alto	model:	networks	scope:	eq	version:	global_protect_portal 3.1.x to 3.1.11	Trust: 0.8
vendor:	palo alto	model:	networks	scope:	eq	version:	global_protect_portal 4.0.x to 4.0.5	Trust: 0.8
vendor:	palo alto	model:	networks globalprotect	scope:	eq	version:	3.1.x to 3.1.11	Trust: 0.8
vendor:	palo alto	model:	networks globalprotect	scope:	eq	version:	4.0.x to 4.0.5	Trust: 0.8
vendor:	palo alto	model:	ssl vpn portal	scope:	eq	version:	3.1.x to 3.1.11	Trust: 0.8
vendor:	palo alto	model:	ssl vpn portal	scope:	eq	version:	4.0.x to 4.0.5	Trust: 0.8

sources: JVNDB: JVNDB-2012-003417 // CNNVD: CNNVD-201207-553 // NVD: CVE-2012-4043

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-4043
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-4043
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201207-553
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-57324
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-4043
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-57324
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-57324 // JVNDB: JVNDB-2012-003417 // CNNVD: CNNVD-201207-553 // NVD: CVE-2012-4043

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-57324 // JVNDB: JVNDB-2012-003417 // NVD: CVE-2012-4043

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201207-553

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201207-553

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-003417

PATCH

title:

Top Page

url:

http://www.paloaltonetworks.com/

Trust: 0.8

sources: JVNDB: JVNDB-2012-003417

EXTERNAL IDS

db:	NVD	id:	CVE-2012-4043	Trust: 2.8
db:	OSVDB	id:	83896	Trust: 1.7
db:	JVNDB	id:	JVNDB-2012-003417	Trust: 0.8
db:	CNNVD	id:	CNNVD-201207-553	Trust: 0.7
db:	NSFOCUS	id:	20155	Trust: 0.6
db:	BID	id:	54607	Trust: 0.4
db:	VULHUB	id:	VHN-57324	Trust: 0.1

sources: VULHUB: VHN-57324 // BID: 54607 // JVNDB: JVNDB-2012-003417 // CNNVD: CNNVD-201207-553 // NVD: CVE-2012-4043

REFERENCES

url:	http://blog.abhisek.me/2012/06/xss-on-palo-alto-networks-global.html	Trust: 1.7
url:	http://www.osvdb.org/83896	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4043	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4043	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/20155	Trust: 0.6

sources: VULHUB: VHN-57324 // JVNDB: JVNDB-2012-003417 // CNNVD: CNNVD-201207-553 // NVD: CVE-2012-4043

CREDITS

Abhisek Das

Trust: 0.3

sources: BID: 54607

SOURCES

db:	VULHUB	id:	VHN-57324
db:	BID	id:	54607
db:	JVNDB	id:	JVNDB-2012-003417
db:	CNNVD	id:	CNNVD-201207-553
db:	NVD	id:	CVE-2012-4043

LAST UPDATE DATE

2025-04-11T23:14:50.433000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-57324	date:	2012-07-27T00:00:00
db:	BID	id:	54607	date:	2015-03-19T09:32:00
db:	JVNDB	id:	JVNDB-2012-003417	date:	2012-07-30T00:00:00
db:	CNNVD	id:	CNNVD-201207-553	date:	2012-07-27T00:00:00
db:	NVD	id:	CVE-2012-4043	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-57324	date:	2012-07-26T00:00:00
db:	BID	id:	54607	date:	2012-06-27T00:00:00
db:	JVNDB	id:	JVNDB-2012-003417	date:	2012-07-30T00:00:00
db:	CNNVD	id:	CNNVD-201207-553	date:	2012-07-27T00:00:00
db:	NVD	id:	CVE-2012-4043	date:	2012-07-26T19:55:04.183