CVE ID | |
CVSS SCORE | 6.4, AV:N/AC:L/Au:N/C:P/I:P/A:N |
AFFECTED VENDORS |
Juniper |
AFFECTED PRODUCTS |
Secure Access Series |
TREND MICRO CUSTOMER PROTECTION | Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 10605. For further product information on the TippingPoint IPS: http://www.tippingpoint.com |
VULNERABILITY DETAILS |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Juniper SA Series devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the meeting_testjava.cgi page, which is used to test JVM compatibility. When handling the DSID HTTP header, the code allows an attacker to inject arbitrary JavaScript into the page. An attacker can abuse this to perform a cross-site scripting attack on the device. |
ADDITIONAL DETAILS |
The fix to this issue is now available for download on the vendor's website. The issue has been resolved in IVE OS 6.5r7 (Build 16789) and A product security notice, PSN-2010-11-983, has been released by the vendor. Customers can sign up for proactive alerts of IVE OS software releases by visiting the Juniper Networks Support Center and selecting "Subscribe to Email Alerts" under Technical Bulletins. |
DISCLOSURE TIMELINE |
|
CREDIT | Davy Douhine |
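
The flaw class described under VULNERABILITY DETAILS, a request header value copied into a page without encoding, is shown below beside a hardened form. This is an added example, not code from the advisory or from the vendor: the page template, the function names and the hex-token allow-list are assumptions, since the advisory does not give the DSID format or the CGI source.

```python
import html
import re

# Assumption: a legitimate token is a short run of hex characters.
# The real DSID format is not stated in the advisory.
TOKEN_RE = re.compile(r"[0-9a-fA-F]{1,64}")

# Hypothetical diagnostic page that echoes the header back to the browser.
PAGE = "<html><body><p>JVM test for session: {dsid}</p></body></html>"

# Constructed sample input: harmless markup standing in for injected content.
CONSTRUCTED_HEADERS = {"DSID": "<b>x</b>"}


def render_unsafe(headers):
    """Flawed pattern: the header value is copied into the page as-is."""
    return PAGE.format(dsid=headers.get("DSID", ""))


def render_safe(headers):
    """Allow-list the value on input, then HTML-encode it on output anyway."""
    value = headers.get("DSID", "")
    if not TOKEN_RE.fullmatch(value):
        value = "(invalid)"
    return PAGE.format(dsid=html.escape(value, quote=True))


def reflects_markup(page, value):
    """True if a value carrying HTML metacharacters appears unencoded in page."""
    return any(c in value for c in "<>\"'&") and value in page


if __name__ == "__main__":
    raw = CONSTRUCTED_HEADERS["DSID"]
    print("unsafe reflects markup:", reflects_markup(render_unsafe(CONSTRUCTED_HEADERS), raw))
    print("safe reflects markup:  ", reflects_markup(render_safe(CONSTRUCTED_HEADERS), raw))
```

The `reflects_markup` check can double as a regression test after upgrading: send a marker value in the header and confirm the response no longer contains it unencoded.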