Re: [Full-disclosure] Full-Disclosure Digest, Vol 44, Issue 4

Fri, 03 Oct 2008 04:23:16 -0700 

       

-----Original Message-----
From: [EMAIL PROTECTED]
Sent: 02 October 2008 12:00
To: full-disclosure@lists.grok.org.uk
Subject: Full-Disclosure Digest, Vol 44, Issue 4

Send Full-Disclosure mailing list submissions to
        full-disclosure@lists.grok.org.uk

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.grok.org.uk/mailman/listinfo/full-disclosure
or, via email, send a message with subject or body 'help' to
        [EMAIL PROTECTED]

You can reach the person managing the list at
        [EMAIL PROTECTED]

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Full-Disclosure digest..."


Note to digest recipients - when replying to digest posts, please trim your 
post appropriately. Thank you.


Today's Topics:

   1. Layered Defense Research Advisory: Juniper Netscreen Firewall
      Cross-Site-Scripting (XSS) event log injection (Deral Heiland)


----------------------------------------------------------------------

Message: 1
Date: Wed, 01 Oct 2008 21:57:05 -0400
From: Deral Heiland <[EMAIL PROTECTED]>
Subject: [Full-disclosure] Layered Defense Research Advisory: Juniper
        Netscreen Firewall Cross-Site-Scripting (XSS) event log injection
To: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="us-ascii"; format=flowed

==================================================
Layered Defense Research Advisory 1 October 2008
==================================================
1) Affected Product
Juniper Netscreen Firewall
ScreenOS version 5.4.0r9.0
==================================================
2) Severity Rating:
Low - Moderate
Impact: Potential system compromises but requires user interaction.
==================================================
3) Description of Vulnerability
A Cross-Site Scripting (XSS) Injection vulnerability was discovered 
within the Juniper Netscreen firewall NetOS version 5.4.0r9.0. The 
vulnerability is caused by failure to validate input from the web 
interface login, and telnet session login. This makes it possible for 
an attacker to inject ja

[The entire original message is not included]
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Reply via email to