Advisory Details

November 7th, 2010

Juniper Secure Access Series meeting_testjava.cgi XSS Vulnerability

ZDI-10-231
ZDI-CAN-886

CVE ID
CVSS SCORE 6.4, (AV:N/AC:L/Au:N/C:P/I:P/A:N)
AFFECTED VENDORS Juniper
AFFECTED PRODUCTS Secure Access Series
TREND MICRO CUSTOMER PROTECTION Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 10605. For further product information on the TippingPoint IPS: http://www.tippingpoint.com
VULNERABILITY DETAILS

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Juniper SA Series devices. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the meeting_testjava.cgi page which is used to test JVM compatibility. When handling the DSID HTTP header the code allows an attacker to inject arbitrary javascript into the page. This can be abused by an attacker to perform a cross-site scripting attack on the device.

ADDITIONAL DETAILS

The fix to this issue is now available for download on the vendor's website. The issue has been resolved in IVE OS 6.5r7 (Build 16789) and
7.0r3 (Build 16899).

A product security notice, PSN-2010-11-983, has been released by the vendor. Customers can sign up for proactive alerts of IVE OS software releases by visiting the Juniper Networks Support Center and selecting "Subscribe to Email Alerts" under Technical Bulletins.


DISCLOSURE TIMELINE
  • 2010-10-15 - Vulnerability reported to vendor
  • 2010-11-07 - Coordinated public release of advisory
CREDIT Davy Douhine
BACK TO ADVISORIES