ID

VAR-200607-0333


CVE

CVE-2006-3567


TITLE

Juniper Networks DX System log Cross-site scripting vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200607-176

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the web administration interface logging feature in Juniper Networks (Redline) DX 5.1.x, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the username login field.

Juniper Networks DX is prone to an HTML-injection vulnerability. This vulnerability exists because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would execute in the context of the affected website, potentially allowing the attacker to steal cookie-based authentication credentials, to control how the site is rendered to the user, and to launch other attacks. Version 5.1 is vulnerable; other versions may also be affected.

Juniper's DX application acceleration platform is a solution for improving the performance of Web applications. Because the syslog content in the web administration interface is not properly filtered, a malicious user can inject content into the username login field, resulting in the execution of the injected content if the administrative user browses the syslog.

----------------------------------------------------------------------

TITLE: Juniper Networks DX System Log Script Insertion

SECUNIA ADVISORY ID: SA20990

VERIFY ADVISORY: http://secunia.com/advisories/20990/

CRITICAL: Moderately critical

IMPACT: Cross Site Scripting

WHERE: From remote

SOFTWARE: Juniper Networks DX 5.x http://secunia.com/product/10978/

DESCRIPTION: Darren Bounds has reported a vulnerability for Juniper DX, which can be exploited by malicious people to conduct script insertion attacks. The vulnerability is caused due to insufficient filtering of the system log when displaying it in the web administration interface. This can be exploited to insert arbitrary HTML and script code via e.g. the username login field, which will be executed in a user's browser session in context of an affected site when malicious data is viewed.

SOLUTION: Restrict access to the web administration console to trusted users only.

PROVIDED AND/OR DISCOVERED BY: Darren Bounds

ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047772.html

Trust: 1.35

sources: NVD: CVE-2006-3567 // BID: 18926 // VULHUB: VHN-19675 // PACKETSTORM: 48146

AFFECTED PRODUCTS

vendor: juniper, model: dx, scope: lte, version: 5.1

Trust: 1.0

vendor: juniper, model: dx, scope: eq, version: 5.1

Trust: 0.6

vendor: juniper, model: dx application acceleration platform, scope: eq, version: 5.1

Trust: 0.3

sources: BID: 18926 // CNNVD: CNNVD-200607-176 // NVD: CVE-2006-3567

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-3567
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200607-176
value: MEDIUM

Trust: 0.6

VULHUB: VHN-19675
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-3567
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-19675
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-19675 // CNNVD: CNNVD-200607-176 // NVD: CVE-2006-3567

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-3567

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200607-176

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-200607-176

EXTERNAL IDS

db: BID, id: 18926

Trust: 2.0

db: SECUNIA, id: 20990

Trust: 1.8

db: NVD, id: CVE-2006-3567

Trust: 1.7

db: SREASON, id: 1218

Trust: 1.7

db: OSVDB, id: 27131

Trust: 1.7

db: VUPEN, id: ADV-2006-2741

Trust: 1.7

db: SECTRACK, id: 1016462

Trust: 1.7

db: CNNVD, id: CNNVD-200607-176

Trust: 0.7

db: BUGTRAQ, id: 20060710 JUNIPER NETWORKS DX WEB ADMINISTRATION PERSISTENT SYSTEM LOG XSS VULNERABILITY

Trust: 0.6

db: XF, id: 27645

Trust: 0.6

db: VULHUB, id: VHN-19675

Trust: 0.1

db: PACKETSTORM, id: 48146

Trust: 0.1

sources: VULHUB: VHN-19675 // BID: 18926 // PACKETSTORM: 48146 // CNNVD: CNNVD-200607-176 // NVD: CVE-2006-3567

REFERENCES

url:http://www.securityfocus.com/bid/18926

Trust: 1.7

url:http://www.osvdb.org/27131

Trust: 1.7

url:http://securitytracker.com/id?1016462

Trust: 1.7

url:http://secunia.com/advisories/20990

Trust: 1.7

url:http://securityreason.com/securityalert/1218

Trust: 1.7

url:http://www.securityfocus.com/archive/1/439758/100/0/threaded

Trust: 1.1

url:http://www.vupen.com/english/advisories/2006/2741

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/27645

Trust: 1.1

url:http://xforce.iss.net/xforce/xfdb/27645

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/439758/100/0/threaded

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2006/2741

Trust: 0.6

url:http://www.juniper.net

Trust: 0.3

url:/archive/1/439758

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/10978/

Trust: 0.1

url:http://secunia.com/advisories/20990/

Trust: 0.1

url:http://lists.grok.org.uk/pipermail/full-disclosure/2006-july/047772.html

Trust: 0.1

url:http://secunia.com/hardcore_disassembler_and_reverse_engineer/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-19675 // BID: 18926 // PACKETSTORM: 48146 // CNNVD: CNNVD-200607-176 // NVD: CVE-2006-3567

CREDITS

Darren Bounds dbounds@gmail.com

Trust: 0.6

sources: CNNVD: CNNVD-200607-176

SOURCES

db: VULHUB, id: VHN-19675
db: BID, id: 18926
db: PACKETSTORM, id: 48146
db: CNNVD, id: CNNVD-200607-176
db: NVD, id: CVE-2006-3567

LAST UPDATE DATE

2024-08-14T15:14:55.794000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-19675, date: 2018-10-18T00:00:00
db: BID, id: 18926, date: 2006-07-12T19:33:00
db: CNNVD, id: CNNVD-200607-176, date: 2006-07-19T00:00:00
db: NVD, id: CVE-2006-3567, date: 2018-10-18T16:48:00.923

SOURCES RELEASE DATE

db: VULHUB, id: VHN-19675, date: 2006-07-13T00:00:00
db: BID, id: 18926, date: 2006-07-10T00:00:00
db: PACKETSTORM, id: 48146, date: 2006-07-12T07:20:23
db: CNNVD, id: CNNVD-200607-176, date: 2006-07-12T00:00:00
db: NVD, id: CVE-2006-3567, date: 2006-07-13T01:05:00