Junos Pulse Secure Access Service CVE-2014-3823 Clickjacking Vulnerability
BID:69800
Info
Junos Pulse Secure Access Service CVE-2014-3823 Clickjacking Vulnerability
| Bugtraq ID: | 69800 |
| Class: | Design Error |
| CVE: |
CVE-2014-3823 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 15 2014 12:00AM |
| Updated: | Sep 15 2014 12:00AM |
| Credit: | The vendor reported this issue. |
| Vulnerable: |
Juniper Networks IVE OS 7.1R6 Juniper Networks IVE OS 7.1r1 Juniper Networks IVE OS 7.1 |
| Not Vulnerable: | |
Discussion
Junos Pulse Secure Access Service CVE-2014-3823 Clickjacking Vulnerability
Junos Pulse Secure Access Service is prone to a clickjacking vulnerability because it fails to perform validity checks on certain user actions through HTTP requests.
Successful exploits will allow an attacker to compromise the affected application or obtain sensitive information. Other attacks are also possible.
Junos Pulse Secure Access Service is prone to a clickjacking vulnerability because it fails to perform validity checks on certain user actions through HTTP requests.
Successful exploits will allow an attacker to compromise the affected application or obtain sensitive information. Other attacks are also possible.
Exploit / POC
Junos Pulse Secure Access Service CVE-2014-3823 Clickjacking Vulnerability
An attacker can exploit this issue by enticing an unsuspecting user to visit a crafted webpage.
An attacker can exploit this issue by enticing an unsuspecting user to visit a crafted webpage.
Solution / Fix
Junos Pulse Secure Access Service CVE-2014-3823 Clickjacking Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Junos Pulse Secure Access Service CVE-2014-3823 Clickjacking Vulnerability
References:
References:
- Juniper Networks Homepage (Juniper Networks)