Re: [Full-disclosure] Full-Disclosure Digest, Vol 44, Issue 4
- To: <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Full-Disclosure Digest, Vol 44, Issue 4
- From: Jim Woodcock <jim.woodcock@xxxxxxxxx>
- Date: Fri, 3 Oct 2008 12:02:46 +0100
-----Original Message-----
From: full-disclosure-request@xxxxxxxxxxxxxxxxx
Sent: 02 October 2008 12:00
To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Full-Disclosure Digest, Vol 44, Issue 4
Today's Topics:
1. Layered Defense Research Advisory: Juniper Netscreen Firewall
Cross-Site-Scripting (XSS) event log injection (Deral Heiland)
----------------------------------------------------------------------
Message: 1
Date: Wed, 01 Oct 2008 21:57:05 -0400
From: Deral Heiland <dh@xxxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] Layered Defense Research Advisory: Juniper
Netscreen Firewall Cross-Site-Scripting (XSS) event log injection
To: full-disclosure@xxxxxxxxxxxxxxxxx
Message-ID: <20081002025713.93F76328@xxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="us-ascii"; format=flowed
==================================================
Layered Defense Research Advisory 1 October 2008
==================================================
1) Affected Product
Juniper Netscreen Firewall
ScreenOS version 5.4.0r9.0
==================================================
2) Severity Rating:
Low - Moderate
Impact: Potential system compromises but requires user interaction.
==================================================
3) Description of Vulnerability
A Cross-Site Scripting (XSS) Injection vulnerability was discovered
within the Juniper Netscreen firewall NetOS version 5.4.0r9.0. The
vulnerability is caused by failure to validate input from the web
interface login, and telnet session login. This makes it possible for
an attacker to inject ja
[The entire original message is not included]
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/