Juniper Networks DX Web Administration Persistent System Log XSS Vulnerability

2006.07.14
Credit: Darren Bounds
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Juniper Networks DX Web Administration Persistent System Log XSS Vulnerability
July 10, 2006

Product Overview:
The Juniper Networks (Redline) DX application acceleration platform delivers a complete data center acceleration solution for web-enabled and IP-based business applications.

Vulnerability Details:
The Juniper Networks DX System log is vulnerable to a persistent, unauthenticated XSS attack. An attacker can exploit this vulnerability to obtain full administrative access to the Juniper DX appliance. The vulnerability stems from a failure to sanitize System log content before it is rendered in the web administration interface. A malicious user may insert content into the username login field; that content is stored in the System log and is then executed in the browser of administrative users when they view the System Log.

Affected Versions:
Juniper DX 5.1.x
Older versions may also be affected.

Workarounds:
Control network access to the DX web administration console.

References:
http://www.juniper.net/products/appaccel/dca/dx.html
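The defect described above is a stored XSS in a log viewer: a value the appliance accepts from an unauthenticated source (the username typed at the login prompt) is written to the System log and later rendered into the administrator's HTML page without escaping. The following added example is not code from Juniper or from the advisory; it models the pattern generically. It contrasts a naive log-row renderer with one that HTML-escapes every field, and adds a simple detection helper that flags log entries whose username field carries markup characters, which is the kind of check a defender might run over exported logs. The log entries, field names and the `LogEntry` type are all constructed here for illustration.

```python
import html
from dataclasses import dataclass
from typing import List

@dataclass
class LogEntry:
    """One System log record (constructed shape, not the appliance's real format)."""
    timestamp: str
    username: str   # echoed from the login form, i.e. attacker-controlled
    message: str

# Constructed sample log: one normal login and one failed login whose
# username field contains HTML markup instead of a name.
SAMPLE_LOG: List[LogEntry] = [
    LogEntry("2006-07-10 10:00:00", "admin", "login succeeded"),
    LogEntry("2006-07-10 10:01:12", "<script>document.title='x'</script>", "login failed"),
]

def render_row_unsafe(entry: LogEntry) -> str:
    """Vulnerable pattern: raw string interpolation of log fields into HTML.
    Whatever was typed into the username field becomes live markup for the
    administrator's browser."""
    return (f"<tr><td>{entry.timestamp}</td>"
            f"<td>{entry.username}</td>"
            f"<td>{entry.message}</td></tr>")

def render_row_safe(entry: LogEntry) -> str:
    """Hardened pattern: every field is HTML-escaped at the output boundary,
    so '<', '>', '&' and quotes reach the browser as text, not as tags."""
    cells = (entry.timestamp, entry.username, entry.message)
    return "<tr>" + "".join(
        f"<td>{html.escape(cell, quote=True)}</td>" for cell in cells
    ) + "</tr>"

def render_log(entries: List[LogEntry], safe: bool = True) -> str:
    """Render the whole log as an HTML table using the chosen row renderer."""
    row = render_row_safe if safe else render_row_unsafe
    return "<table>" + "".join(row(e) for e in entries) + "</table>"

# Characters that have no business in a login name but are needed to build
# HTML tags or attributes. Presence in a stored username is a detection signal.
MARKUP_CHARS = set('<>"\'&')

def username_has_markup(username: str) -> bool:
    return any(ch in MARKUP_CHARS for ch in username)

def flag_suspicious_entries(entries: List[LogEntry]) -> List[LogEntry]:
    """Return log entries whose username field looks like injected markup.
    A defender can run this over exported logs to spot injection attempts
    before an administrator opens the log viewer."""
    return [e for e in entries if username_has_markup(e.username)]

if __name__ == "__main__":
    print("unsafe:", render_log(SAMPLE_LOG, safe=False))
    print("safe:  ", render_log(SAMPLE_LOG, safe=True))
    for e in flag_suspicious_entries(SAMPLE_LOG):
        print("suspicious username at", e.timestamp, "->", repr(e.username))
```

The point of the two renderers is that the fix belongs at the output boundary, not at the login form: rejecting odd characters on input is a useful secondary control, but the log viewer must escape whatever it displays, because log data can arrive from many sources. The detection helper is deliberately coarse; in practice it would be one rule among several run over exported logs.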



Copyright 2024, cxsecurity.com
