-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

o PROBLEM DETAILS

The Juniper Secure Access (SA) web interface allows users to manage the bookmarks on their landing page. This bookmark management functionality does not filter user input properly and can allow cross-site scripting attacks.

Upon modification or creation of a bookmark, the editbk.cgi script is requested with a parameter named "row". This parameter identifies the bookmark in question, and its value is echoed in the server response. It is a flaw in the input handling of this "row" parameter that makes the appliance vulnerable to a cross-site scripting attack.

Successful exploitation could allow a remote attacker to hijack an authenticated session between a victim and the Juniper SA web interface. Usage of the Single Sign-On (SSO) feature severely increases the impact, as SSO automatically grants the hijacked session access to other systems (e.g. it is typically used in combination with Outlook Web Access).

o AFFECTED SYSTEMS

Juniper SA appliances running Juniper IVE OS 6.0 or higher

o SOLUTION

Juniper released IVE updates 6.3R7, 6.4R5 and 6.5R2 which fix this issue. The updates and installation instructions are available for Juniper customers on the Juniper website (note: login required):

https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2010-02-660&viewMode=view

Alternatively, the bookmark functionality can be temporarily disabled until the Juniper update has been applied. A Juniper administrator can disable the bookmark functionality via the Central Manager by unchecking the "User can add bookmarks" option in the "Web" tab of the active user roles.

o CREDITS

This vulnerability was discovered by Niels Heinen from the security testing services team of Logica Nederland B.V.

Author: Logica Nederland B.V. ("Logica")

o ABOUT LOGICA

Logica is a business and technology service company, employing 39,000 people. We're experts in security, and have been for over 40 years.
We help our clients to succeed against their competition by providing services others cannot deliver, securely. Creating confidence with customers, supporting growth. Keeping their brand highly regarded in the digital world. With a secure organisation, new ways are possible, such as using the cloud, mobile apps, outsourcing. We also help our clients to detect and prevent fraudulent and criminal behaviour. Creating confidence for society that you are protecting them from the increasing global threats in the physical and on-line world. Ensuring vital services, such as energy and telecoms, will be delivered without disruption.

o DISCLAIMER

Logica is not responsible for the use of the information we provide through the advisories. Use of the information constitutes acceptance for use in an as-is condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect or consequential loss or damage arising from use of, or reliance on, this information.

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 10.0.1 (Build 4020)
Charset: utf-8

wsBVAwUBS5Ds3LoMEKjkBtO0AQgh9wf+JnKBe4/T1gaMqq1iblKrAE4HBd829G06
Z4h2WawQ5DVp5FHR7sKtM7bldXbwML/fdyTsWD8R/EJ3DAJI/zqUuYqDt9Ur5aWz
yB8aWU8QyiPwFTOWz8s2kUjl9VOnmEb6Rwtpn+jS1RoRCV/6AX8/uRS/UKOsznaD
/tyY3931+TZ3AlEa1hECTha05ngoZSCexgOOJokYsRxKzNribR9UT9GdEpHNr7MZ
IVqQ9lLLoySPj5jjjoacUZr7s/DM0aHaDLKgyMSjwBDZ8aIr3lqDTCdBngBSLZDC
aFk4wLNbYOfyvA3lA2GzD2GegMesWAgQtAxN4X/36mMUsq8YeQCVHA==
=hOgD
-----END PGP SIGNATURE-----
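The PROBLEM DETAILS section above describes a reflected cross-site scripting flaw: the "row" parameter of editbk.cgi is echoed into the server response without proper handling. The following Python snippet is an added illustration for defenders and is not Juniper's code nor part of the Logica advisory. It contrasts the defective pattern (parameter copied verbatim into an HTML attribute) with a hardened version, and adds a small access-log check that flags editbk.cgi requests whose "row" value does not look like a bookmark id. Assumptions, labelled in the code: bookmark row ids are short decimal integers, the server echoes the value inside an HTML attribute, the access log uses the common NCSA format, and the request path and log lines are constructed.

```python
"""Defensive illustration of the editbk.cgi "row" reflection flaw.

Added example, not Juniper code. Assumptions: row ids are short decimal
integers; the value is reflected inside an HTML attribute; the access log
is in NCSA common/combined format; all paths and log lines are constructed.
"""
import html
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

# Assumption: a bookmark row id is a small decimal integer.
ROW_ID = re.compile(r"^[0-9]{1,9}$")


def render_row_field_vulnerable(row: str) -> str:
    """The defect pattern: the parameter is copied into the response unchanged,
    so a value containing '"' or '<' breaks out of the attribute."""
    return f'<input type="hidden" name="row" value="{row}">'


def render_row_field_fixed(row: str) -> str:
    """Hardened: reject anything that is not a row id, then still encode for the
    HTML attribute context (defence in depth if the validation is later relaxed)."""
    if not ROW_ID.match(row):
        raise ValueError("row must be a numeric bookmark id")
    return f'<input type="hidden" name="row" value="{html.escape(row, quote=True)}">'


def accepts_row(row: str) -> bool:
    """True if the hardened renderer accepts the value, False if it rejects it."""
    try:
        render_row_field_fixed(row)
        return True
    except ValueError:
        return False


# Detection side: NCSA-style access log line, e.g.
#   10.0.0.5 - - [12/Mar/2010:10:14:02 +0100] "GET /x/editbk.cgi?row=7 HTTP/1.1" 200 5120
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def suspicious_editbk_request(log_line: str) -> Optional[str]:
    """Return the offending "row" value when an editbk.cgi request carries a
    value that is not a bookmark id, otherwise None."""
    m = LOG_RE.match(log_line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if not parts.path.endswith("/editbk.cgi"):
        return None
    # parse_qs percent-decodes, so encoded '<' and '"' are seen as the characters.
    for value in parse_qs(parts.query, keep_blank_values=True).get("row", []):
        if not ROW_ID.match(value):
            return value
    return None


def find_suspicious(lines: List[str]) -> List[Tuple[int, str]]:
    """Scan a list of log lines; return (line index, offending row value) pairs."""
    hits = []
    for i, line in enumerate(lines):
        value = suspicious_editbk_request(line)
        if value is not None:
            hits.append((i, value))
    return hits


# Constructed sample log (path "/example/editbk.cgi" is a placeholder, not the
# appliance's real location). Line 1 carries a non-numeric row value.
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Mar/2010:10:14:02 +0100] "GET /example/editbk.cgi?row=7 HTTP/1.1" 200 5120',
    '10.0.0.9 - - [12/Mar/2010:10:15:40 +0100] "GET /example/editbk.cgi?row=7%22%3E%3Cscript%3E HTTP/1.1" 200 5131',
    '10.0.0.5 - - [12/Mar/2010:10:16:01 +0100] "GET /example/other.cgi?row=abc HTTP/1.1" 200 800',
]

if __name__ == "__main__":
    for idx, value in find_suspicious(SAMPLE_LOG):
        print(f"line {idx}: unexpected row value {value!r}")
```

The validation step is the real fix; the escaping call is kept so that a later change to the allowed id format does not silently reintroduce the reflection. The log check deliberately keys on the shape of the parameter rather than on specific attack strings, so it also catches encoded variants.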