ProCheckUp Security Advisory 2009.16

2010-07-15T00:00:00
ID PACKETSTORM:91811
Type packetstorm
Reporter ProCheckUp
Modified 2010-07-15T00:00:00

Description

                                        
                                            `PR09-16: Juniper Secure Access series (Juniper IVE) XSS  
  
Vulnerability found: 12th October 2009  
  
Severity: Medium (Script injection)  
  
Description:  
  
There is a cross-site scripting vulnerability in the Juniper IVE web interface.  
  
Procheckup has found that, by making a malformed request to the IVE web  
interface without authentication, a vanilla cross-site scripting  
(XSS) attack is possible.  
  
  
Successfully tested on:  
Juniper Networks IVE version 6.5R1 (Build 14599)  
  
Model SA-2000  
  
  
Proof of concept:  
  
http://target-domain.foo/dana-na/auth/url_default/welcome.cgi?p=logout&c=37&u=</script><script>alert(1)</script>  
  
  
Consequences:  
  
An attacker may be able to cause execution of malicious scripting code  
in the browser of a user who clicks on a link or visits a malicious  
webpage. The malicious code would run in the security context of the  
vulnerable website.  
  
This type of attack can result in non-persistent defacement of the  
target site, or the redirection of confidential information (i.e.:  
passwords or session IDs) to unauthorised third parties.  
  
  
Fix:  
  
Ensure that the firewall's management interface is disabled on the  
Internet-connected interface, by disabling WebUI within service  
options on the Internet-connected interface.  
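
Added example, not part of the ProCheckUp advisory: a log check that flags requests to the welcome.cgi path from the proof of concept when the `u` parameter contains angle brackets after URL-decoding, including double-encoded forms. The combined access-log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Path and parameter come from the advisory's proof of concept.
VULN_PATH = "/dana-na/auth/url_default/welcome.cgi"
PARAM = "u"
# Angle brackets are what the </script> breakout in the PoC depends on.
MARKUP = re.compile(r"[<>]")
# Request field of a common/combined-format access log line (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges, invented sizes).
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Jul/2010:10:01:02 +0000] "GET /dana-na/auth/url_default/welcome.cgi?p=logout&c=37&u=alice HTTP/1.1" 200 5120',
    '203.0.113.9 - - [15/Jul/2010:10:01:09 +0000] "GET /dana-na/auth/url_default/welcome.cgi?p=logout&c=37&u=%3C%2Fscript%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5188',
    '203.0.113.9 - - [15/Jul/2010:10:01:15 +0000] "GET /dana-na/auth/url_default/welcome.cgi?p=logout&c=37&u=%253C%252Fscript%253E HTTP/1.1" 200 5140',
    '198.51.100.4 - - [15/Jul/2010:10:02:00 +0000] "GET /index.html?u=%3Cb%3E HTTP/1.1" 404 310',
]


def fully_decode(value, max_rounds=3):
    """Undo layered percent-encoding, e.g. %253C -> %3C -> <."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(lines):
    """Return log lines that hit welcome.cgi with markup in the u parameter."""
    hits = []
    for line in lines:
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if unquote(url.path).lower() != VULN_PATH:
            continue
        # parse_qs decodes once; fully_decode peels any further layers.
        values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
        if any(MARKUP.search(fully_decode(v)) for v in values):
            hits.append(line)
    return hits


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print("SUSPICIOUS:", hit)
```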
  
  
  
Credits: Richard Brain of ProCheckUp Ltd (www.procheckup.com)  
  
  
Legal:  
  
Copyright 2009 Procheckup Ltd. All rights reserved.  
  
Permission is granted for copying and circulating this Bulletin to the  
Internet community for the purpose of alerting them to  
problems, if and only if, the Bulletin is not edited or changed in any  
way, is attributed to Procheckup, and provided such  
reproduction and/or distribution is performed for non-commercial purposes.  
  
Any other use of this information is prohibited. Procheckup is not  
liable for any misuse of this information by any third party.  
  
`