Juniper Networks DX Web Administration Persistent System Log XSS Vulnerability

CVE	Category	Price	Severity
CVE-2021-XXXX	CWE-79	$500	High

Author	Risk	Exploitation Type	Date
Unknown	High	Remote	2006-07-25

CVSS	EPSS	EPSSP
CVSS:4.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	0.02192	0.50148

CVSS vector description

Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2006070069

Below is a copy:

Juniper Networks DX Web Administration Persistent System Log  XSS Vulnerability
July 10, 2006

Product Overview:
The Juniper Networks (Redline) DX application acceleration platform
delivers a complete data center acceleration solution for web-enabled
and IP-based business applications.

Vulnerability Details:
The Juniper Networks DX System log is vulnerable to a persistent,
unauthenticated XSS attack. This vulnerability can be exploited by an
attacker to obtain full administrative access to the Juniper DX appliance.

This vulnerability stems from failure to sanitize System log content
within the web administration interface. A malicious user may insert
content into the username login field which will then be executed by
administrative users when viewing the System Log.

Affected Versions:
Juniper DX 5.1.x
Olders versions may also be affected.

Workarounds:
Control network access to the DX web administration console.

References:
http://www.juniper.net/products/appaccel/dca/dx.html

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum