Hash: SHA1

                         AUSCERT Security Bulletin

Cross site scripting and redirection issue in Juniper Secure Access devices
                               11 June 2010


        AusCERT Security Bulletin Summary

Product:              Juniper Secure Access series (Juniper IVE)
Operating System:     Juniper
Impact/Access:        Cross-site Scripting           -- Remote with User Interaction
                      Provide Misleading Information -- Remote with User Interaction
                      Read-only Data Access          -- Remote with User Interaction
Resolution:           Patch/Upgrade
Member content until: Sunday, July 11 2010


        A cross site scripting and redirection flaw has been discovered and
        fixed in the Juniper Secure Access series (Juniper IVE) devices.


        The research company Procheckup who worked with Juniper to resolve this
        issue describes the vulnerability as:
        "There is multiple authenticated Cross-site Scripting vulnerability on
         Junipers, IVE web interface.
         Procheckup has found by making a malformed authenticated request to
         the IVE Web interface, that vanilla cross site scripting (XSS) attacks
         are possible.
         An attacker may be able to cause execution of malicious scripting code
         in the browser of a user who clicks on a link or visits a malicious
         webpage. The malicious code would run in the security context of the
         vulnerable website.
         This type of attack can result in non-persistent defacement of the
         target site, or the redirection of confidential information
         (i.e.: passwords or session IDs) to unauthorised third parties." [1]


        It is recommended the users of the Juniper Secure Access series
        (Juniper IVE) devices update to version 6.5R3.1 (build 15255) or a
        later version.[2]
        Juniper has provided information regarding this issue to its customers
        on its members only website. [2]


        [1] PR09-17 Juniper Secure Access series (Juniper IVE) authenticated
            XSS & REDIRECTION

        [2] JTAC Technical Bulletin PSN-2010-05-751

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:


Australian Computer Emergency Response Team
The University of Queensland
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
Comment: http://www.auscert.org.au/render.html?it=1967