| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon Jul 10 17:16:18 2006 From: dbounds at gmail.com (Darren Bounds) Subject: Juniper Networks DX Web Administration Persistent System Log XSS Vulnerability Juniper Networks DX Web Administration Persistent System Log XSS Vulnerability July 10, 2006 Product Overview: The Juniper Networks (Redline) DX application acceleration platform delivers a complete data center acceleration solution for web-enabled and IP-based business applications. Vulnerability Details: The Juniper Networks DX System log is vulnerable to a persistent, unauthenticated XSS attack. This vulnerability can be exploited by an attacker to obtain full administrative access to the Juniper DX appliance. This vulnerability stems from failure to sanitize System log content within the web administration interface. A malicious user may insert content into the username login field which will then be executed by administrative users when viewing the System Log. Affected Versions: Juniper DX 5.1.x Olders versions may also be affected. Workarounds: Control network access to the DX web administration console. References: http://www.juniper.net/products/appaccel/dca/dx.html
Powered by blists - more mailing lists