NetScreen SA 5000 Series delhomepage.cgi Cross-Site Scripting Vulnerability
BID:9791
Info
| Bugtraq ID: | 9791 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 02 2004 12:00AM |
| Updated: | Mar 02 2004 12:00AM |
| Credit: | Discovery is credited to Mark Lachniet of Analysts International. |
| Vulnerable: | NetScreen NetScreen-SA 5000 Series |
| Not Vulnerable: | |
Discussion
It has been reported that NetScreen SA 5000 Series may be prone to a cross-site scripting vulnerability that may allow an attacker to execute arbitrary HTML or script code in the browser of a vulnerable user. The issue presents itself due to insufficient sanitization of user-supplied data via the 'row' parameter of the 'delhomepage.cgi' CGI binary.
The vulnerability was discovered on an appliance identified as "A5030-Clustered pair" running IVE firmware version 3.3 Patch 1 build 4797.
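One way to triage web access logs for requests that carry markup in the 'row' parameter of 'delhomepage.cgi', as an added example that is not part of the original advisory or any vendor code. The combined log format, the `/example/` path and the sample entries are constructed assumptions, since the advisory gives neither the CGI's full path nor a sample request.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request line of a combined-format access log entry (format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters that let a reflected value break out of HTML text or an attribute.
MARKUP_RE = re.compile(r"[<>\"'`]")

# Constructed sample entries; the /example/ path is a placeholder.
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Mar/2004:10:00:00 +0000] "GET /example/delhomepage.cgi?row=3 HTTP/1.1" 200 512',
    '192.0.2.11 - - [02/Mar/2004:10:00:05 +0000] "GET /example/delhomepage.cgi?row=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 540',
    '192.0.2.12 - - [02/Mar/2004:10:00:09 +0000] "GET /example/delhomepage.cgi?row=%253Cb%253Ex HTTP/1.1" 200 540',
    '192.0.2.13 - - [02/Mar/2004:10:00:12 +0000] "GET /example/other.cgi?row=%3Cb%3E HTTP/1.1" 200 100',
]


def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded markup is still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_row_values(log_line):
    """Return decoded 'row' values containing markup in delhomepage.cgi requests."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("/delhomepage.cgi"):
        return []
    rows = parse_qs(url.query, keep_blank_values=True).get("row", [])
    return [v for v in map(decode_fully, rows) if MARKUP_RE.search(v)]


def scan(lines):
    """Map 1-based line numbers to the flagged 'row' values on that line."""
    hits = {}
    for number, line in enumerate(lines, start=1):
        values = suspicious_row_values(line)
        if values:
            hits[number] = values
    return hits
```

Values sent in a POST body do not appear in access logs, so this check covers query-string requests only.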
Exploit / POC
No exploit is required.
Solution / Fix
Solution:
The vendor has released advisory 58412 and patches dealing with this issue. The patches are provided free of charge to customers that have purchased the affected software. Please see the attached advisory for more information and details on obtaining patches.
References
References:
- NetScreen-SA 5000 Series Product Page (NetScreen)
- 03-02-04 XSS Bug in NetScreen-SA 5000 Series of SSL VPN appliance ("Lachniet, Mark")