Re: Full-Disclosure Digest, Vol 44, Issue 4

[Jim Woodcock <jim.woodcock () gmail com>]

-----Original Message-----
From: full-disclosure-request () lists grok org uk
Sent: 02 October 2008 12:00
To: full-disclosure () lists grok org uk
Subject: Full-Disclosure Digest, Vol 44, Issue 4

Send Full-Disclosure mailing list submissions to
        full-disclosure () lists grok org uk

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.grok.org.uk/mailman/listinfo/full-disclosure
or, via email, send a message with subject or body 'help' to
        full-disclosure-request () lists grok org uk

You can reach the person managing the list at
        full-disclosure-owner () lists grok org uk

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Full-Disclosure digest..."


Note to digest recipients - when replying to digest posts, please trim your post appropriately. Thank you.


Today's Topics:

   1. Layered Defense Research Advisory: Juniper Netscreen Firewall
      Cross-Site-Scripting (XSS) event log injection (Deral Heiland)


----------------------------------------------------------------------

Message: 1
Date: Wed, 01 Oct 2008 21:57:05 -0400
From: Deral Heiland <dh () layereddefense com>
Subject: [Full-disclosure] Layered Defense Research Advisory: Juniper
        Netscreen Firewall Cross-Site-Scripting (XSS) event log injection
To: ull-disclosure () lists grok org uk
Message-ID: <20081002025713.93F76328 () lists grok org uk>
Content-Type: text/plain; charset="us-ascii"; format=flowed

==================================================
Layered Defense Research Advisory 1 October 2008
==================================================
1) Affected Product
Juniper Netscreen Firewall
ScreenOS version 5.4.0r9.0
==================================================
2) Severity Rating:
Low - Moderate
Impact: Potential system compromises but requires user interaction.
==================================================
3) Description of Vulnerability
A Cross-Site Scripting (XSS) Injection vulnerability was discovered 
within the Juniper Netscreen firewall NetOS version 5.4.0r9.0. The 
vulnerability is caused by failure to validate input from the web 
interface login, and telnet session login. This makes it possible for 
an attacker to inject ja

[The entire original message is not included]
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/