| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 22 Jul 2013 19:30:29 +0200 From: Anil Pazvant <pazwant@...il.com> To: bugtraq@...urityfocus.com Subject: Juniper Secure Access XSS Vulnerability ------------------------------------------------------------------------------- | Juniper Secure Access XSS Vulnerability| -------------------------------------------------------------------------------- Summary =============== Juniper Secure Access software has reflected XSS vulnerability CVE number: CVE-2012-5460 PSN-2013-03-874 Impact: Low Vendor homepage: http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-03-874&viewMode=view Vendor notified: 06/06/2012 Vendor fixed: 12/12/2012 Affected Products ================= Juniper SA (IVE OS) to versions prior to 7.1r13, 7.2r7, 7.3r2 . Details ================== In order to exploit this vulnerability , the client should authenticate to SSLVPN service.The vulnerable parameter exists on help page of IVE user web interface. Effected parameter: WWHSearchWordsText Impact ================== Execution of arbitrary script code in a user's browser during an authenticated session. Solution ================== Upgrade to 7.1r13, 7.2r7, 7.3r2, or higher. Twitter @pazwant
Powered by blists - more mailing lists