-----Original Message-----
From: [EMAIL PROTECTED]
Sent: 02 October 2008 12:00
To: full-disclosure@lists.grok.org.uk
Subject: Full-Disclosure Digest, Vol 44, Issue 4

Message: 1
Date: Wed, 01 Oct 2008 21:57:05 -0400
From: Deral Heiland <[EMAIL PROTECTED]>
Subject: [Full-disclosure] Layered Defense Research Advisory: Juniper Netscreen Firewall Cross-Site-Scripting (XSS) event log injection

==================================================
Layered Defense Research Advisory 1 October 2008
==================================================
1) Affected Product
Juniper Netscreen Firewall ScreenOS version 5.4.0r9.0
==================================================
2) Severity
Rating: Low - Moderate
Impact: Potential system compromises but requires user interaction.
==================================================
3) Description of Vulnerability
A Cross-Site Scripting (XSS) Injection vulnerability was discovered within the Juniper Netscreen firewall NetOS version 5.4.0r9.0. The vulnerability is caused by failure to validate input from the web interface login, and telnet session login.
This makes it possible for an attacker to inject ja [The entire original message is not included]
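
The class of flaw described above (login input stored in an event log and later shown in a web page) is illustrated below as an added example; it is not code from the advisory or from ScreenOS. The record layout, function names and sample values are constructed assumptions, and the sketch shows the unencoded renderer beside an output-encoded one, an input-side filter, and a simple detection pass.

```python
import html
import re

# Constructed sample event-log records (timestamp, source, attempted login name).
# The layout is hypothetical and does not reproduce ScreenOS log output.
SAMPLE_EVENTS = [
    ("2008-10-01 21:40:02", "web", "netscreen"),
    ("2008-10-01 21:41:17", "telnet", "<script>alert(1)</script>"),
]

# HTML metacharacters and control bytes that have no place in a login name.
MARKUP = re.compile(r"[<>\"'&]|[\x00-\x1f\x7f]")


def render_row_unsafe(ts, source, user):
    """'Before' form: the supplied login name reaches the page verbatim."""
    return f"<tr><td>{ts}</td><td>{source}</td><td>Login failed for {user}</td></tr>"


def render_row_safe(ts, source, user):
    """Hardened form: every field is HTML-encoded at output time."""
    ts, source, user = (html.escape(v, quote=True) for v in (ts, source, user))
    return f"<tr><td>{ts}</td><td>{source}</td><td>Login failed for {user}</td></tr>"


def sanitize_for_log(user, max_len=64):
    """Input-side control: bound the length and replace markup and control
    characters before the name is written to the event log."""
    return MARKUP.sub("?", user[:max_len])


def suspicious_events(events):
    """Detection: return records whose login name contains markup or control bytes."""
    return [e for e in events if MARKUP.search(e[2])]


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(render_row_unsafe(*ev))
        print(render_row_safe(*ev))
    print(suspicious_events(SAMPLE_EVENTS))
```

Output encoding in the log viewer is the primary control; the input filter and the detection pass are defence in depth for entries that arrive over any login path, including telnet.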