cvelistv5 - cve-2006-3567

CVE-2006-3567 (GCVE-0-2006-3567)

Vulnerability from cvelistv5 – Published: 2006-07-13 01:00 – Updated: 2024-08-07 18:30

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://securitytracker.com/id?1016462	vdb-entryx_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2006/2741	vdb-entryx_refsource_VUPEN
	http://securityreason.com/securityalert/1218	third-party-advisoryx_refsource_SREASON
	http://www.securityfocus.com/archive/1/439758/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/bid/18926	vdb-entryx_refsource_BID
	http://www.osvdb.org/27131	vdb-entryx_refsource_OSVDB
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://secunia.com/advisories/20990	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:30:34.489Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1016462",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016462"
          },
          {
            "name": "ADV-2006-2741",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/2741"
          },
          {
            "name": "1218",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/1218"
          },
          {
            "name": "20060710 Juniper Networks DX Web Administration Persistent System Log XSS Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/439758/100/0/threaded"
          },
          {
            "name": "18926",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/18926"
          },
          {
            "name": "27131",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/27131"
          },
          {
            "name": "juniper-networks-logging-xss(27645)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27645"
          },
          {
            "name": "20990",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20990"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-07-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the web administration interface logging feature in Juniper Networks (Redline) DX 5.1.x, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the username login field."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1016462",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016462"
        },
        {
          "name": "ADV-2006-2741",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/2741"
        },
        {
          "name": "1218",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/1218"
        },
        {
          "name": "20060710 Juniper Networks DX Web Administration Persistent System Log XSS Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/439758/100/0/threaded"
        },
        {
          "name": "18926",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/18926"
        },
        {
          "name": "27131",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/27131"
        },
        {
          "name": "juniper-networks-logging-xss(27645)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27645"
        },
        {
          "name": "20990",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20990"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3567",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the web administration interface logging feature in Juniper Networks (Redline) DX 5.1.x, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the username login field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1016462",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016462"
            },
            {
              "name": "ADV-2006-2741",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/2741"
            },
            {
              "name": "1218",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/1218"
            },
            {
              "name": "20060710 Juniper Networks DX Web Administration Persistent System Log XSS Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/439758/100/0/threaded"
            },
            {
              "name": "18926",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/18926"
            },
            {
              "name": "27131",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/27131"
            },
            {
              "name": "juniper-networks-logging-xss(27645)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27645"
            },
            {
              "name": "20990",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20990"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-3567",
    "datePublished": "2006-07-13T01:00:00",
    "dateReserved": "2006-07-12T00:00:00",
    "dateUpdated": "2024-08-07T18:30:34.489Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:juniper:dx:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.1\", \"matchCriteriaId\": \"12AA1011-1EBA-447E-992D-F1A8610AB47C\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-site scripting (XSS) vulnerability in the web administration interface logging feature in Juniper Networks (Redline) DX 5.1.x, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the username login field.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de secuencia de comando en sitios cruzados (XSS) en la interfaz de entrada de administraci\\u00f3n web en Juniper Networks (Redline) DX 5.1.x, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\\u00e9s del campo de entrada username.\"}]",
      "id": "CVE-2006-3567",
      "lastModified": "2024-11-21T00:13:54.820",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2006-07-13T01:05:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/20990\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/1218\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securitytracker.com/id?1016462\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.osvdb.org/27131\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/439758/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/18926\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/2741\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/27645\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/20990\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/1218\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1016462\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.osvdb.org/27131\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/439758/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/18926\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/2741\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/27645\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-3567\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-07-13T01:05:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in the web administration interface logging feature in Juniper Networks (Redline) DX 5.1.x, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the username login field.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de secuencia de comando en sitios cruzados (XSS) en la interfaz de entrada de administraci\u00f3n web en Juniper Networks (Redline) DX 5.1.x, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del campo de entrada username.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:juniper:dx:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.1\",\"matchCriteriaId\":\"12AA1011-1EBA-447E-992D-F1A8610AB47C\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/20990\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/1218\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1016462\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/27131\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/439758/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/18926\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/2741\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/27645\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/20990\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/1218\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1016462\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/27131\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/439758/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/18926\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/2741\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/27645\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2006-3567

Vulnerability from fkie_nvd - Published: 2006-07-13 01:05 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/20990	Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/1218
cve@mitre.org	http://securitytracker.com/id?1016462
cve@mitre.org	http://www.osvdb.org/27131
cve@mitre.org	http://www.securityfocus.com/archive/1/439758/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/18926
cve@mitre.org	http://www.vupen.com/english/advisories/2006/2741
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/27645
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/20990	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/1218
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016462
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/27131
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/439758/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/18926
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/2741
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/27645

Impacted products

	Vendor	Product	Version
	juniper	dx	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:juniper:dx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "12AA1011-1EBA-447E-992D-F1A8610AB47C",
              "versionEndIncluding": "5.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the web administration interface logging feature in Juniper Networks (Redline) DX 5.1.x, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the username login field."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencia de comando en sitios cruzados (XSS) en la interfaz de entrada de administraci\u00f3n web en Juniper Networks (Redline) DX 5.1.x, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del campo de entrada username."
    }
  ],
  "id": "CVE-2006-3567",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-07-13T01:05:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20990"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/1218"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1016462"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/27131"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/439758/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/18926"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/2741"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27645"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20990"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/1218"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016462"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/27131"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/439758/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/18926"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/2741"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27645"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-200607-0333

Vulnerability from variot - Updated: 2023-12-18 12:13

Cross-site scripting (XSS) vulnerability in the web administration interface logging feature in Juniper Networks (Redline) DX 5.1.x, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the username login field. Juniper Networks DX is prone to an HTML-injection vulnerability. This vulnerability exists because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would execute in the context of the affected website, potentially allowing the attacker to steal cookie-based authentication credentials, to control how the site is rendered to the user, and to launch other attacks. Version 5.1 is vulnerable; other versions may also be affected. Juniper's DX application acceleration platform is a solution for improving the performance of Web applications. Because the syslog content in the web administration interface is not properly filtered, a malicious user can inject content into the username login field, resulting in the execution of the injected content if the administrative user browses the syslog.

Hardcore Disassembler / Reverse Engineer

Reversing must be a passion as your skills will be challenged on a daily basis and you will be working several hours everyday in IDA, Ollydbg, and with BinDiff. Often, it is also required that you write a PoC or even a working exploit to prove that an issue is exploitable.

http://secunia.com/hardcore_disassembler_and_reverse_engineer/

TITLE: Juniper Networks DX System Log Script Insertion

SECUNIA ADVISORY ID: SA20990

VERIFY ADVISORY: http://secunia.com/advisories/20990/

CRITICAL: Moderately critical

IMPACT: Cross Site Scripting

WHERE:

From remote

SOFTWARE: Juniper Networks DX 5.x http://secunia.com/product/10978/

DESCRIPTION: Darren Bounds has reported a vulnerability for Juniper DX, which can be exploited by malicious people to conduct script insertion attacks.

The vulnerability is caused due to insufficient filtering of the system log when displaying it in the web administration interface. This can be exploited to insert arbitrary HTML and script code via e.g. the username login field, which will be executed in a user's browser session in context of an affected site when malicious data is viewed.

SOLUTION: Restrict access to the web administration console to trusted users only.

PROVIDED AND/OR DISCOVERED BY: Darren Bounds

ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047772.html

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200607-0333",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dx",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "5.1"
      },
      {
        "model": "dx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "5.1"
      },
      {
        "model": "dx application acceleration platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "18926"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3567"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-176"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:juniper:dx:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-3567"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Darren Bounds dbounds@gmail.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-176"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-3567",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-19675",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-3567",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200607-176",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-19675",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-19675"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3567"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-176"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in the web administration interface logging feature in Juniper Networks (Redline) DX 5.1.x, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the username login field. Juniper Networks DX is prone to an HTML-injection vulnerability. This vulnerability exists because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. \nAttacker-supplied HTML and script code would execute in the context of the affected website, potentially allowing the attacker to steal cookie-based authentication credentials, to control how the site is rendered to the user, and to launch other attacks. \nVersion 5.1 is vulnerable; other versions may also be affected. Juniper\u0027s DX application acceleration platform is a solution for improving the performance of Web applications. Because the syslog content in the web administration interface is not properly filtered, a malicious user can inject content into the username login field, resulting in the execution of the injected content if the administrative user browses the syslog. \n\n----------------------------------------------------------------------\n\nHardcore Disassembler / Reverse Engineer\n\nReversing must be a passion as your skills will be challenged\non a daily basis and you will be working several hours\neveryday in IDA, Ollydbg, and with BinDiff. Often, it is also\nrequired that you write a PoC or even a working exploit to\nprove that an issue is exploitable. \n\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\n----------------------------------------------------------------------\n\nTITLE:\nJuniper Networks DX System Log Script Insertion\n\nSECUNIA ADVISORY ID:\nSA20990\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/20990/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nCross Site Scripting\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nJuniper Networks DX 5.x\nhttp://secunia.com/product/10978/\n\nDESCRIPTION:\nDarren Bounds has reported a vulnerability for Juniper DX, which can\nbe exploited by malicious people to conduct script insertion\nattacks. \n\nThe vulnerability is caused due to insufficient filtering of the\nsystem log when displaying it in the web administration interface. \nThis can be exploited to insert arbitrary HTML and script code via\ne.g. the username login field, which will be executed in a user\u0027s\nbrowser session in context of an affected site when malicious data is\nviewed. \n\nSOLUTION:\nRestrict access to the web administration console to trusted users\nonly. \n\nPROVIDED AND/OR DISCOVERED BY:\nDarren Bounds\n\nORIGINAL ADVISORY:\nhttp://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047772.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-3567"
      },
      {
        "db": "BID",
        "id": "18926"
      },
      {
        "db": "VULHUB",
        "id": "VHN-19675"
      },
      {
        "db": "PACKETSTORM",
        "id": "48146"
      }
    ],
    "trust": 1.35
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "18926",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "20990",
        "trust": 1.8
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3567",
        "trust": 1.7
      },
      {
        "db": "SREASON",
        "id": "1218",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "27131",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-2741",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1016462",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-176",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20060710 JUNIPER NETWORKS DX WEB ADMINISTRATION PERSISTENT SYSTEM LOG XSS VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "27645",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-19675",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "48146",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-19675"
      },
      {
        "db": "BID",
        "id": "18926"
      },
      {
        "db": "PACKETSTORM",
        "id": "48146"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3567"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-176"
      }
    ]
  },
  "id": "VAR-200607-0333",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-19675"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:13:08.666000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-3567"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/18926"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/27131"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1016462"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/20990"
      },
      {
        "trust": 1.7,
        "url": "http://securityreason.com/securityalert/1218"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/439758/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2006/2741"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27645"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/27645"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/439758/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2006/2741"
      },
      {
        "trust": 0.3,
        "url": "http://www.juniper.net"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/439758"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/10978/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/20990/"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-july/047772.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-19675"
      },
      {
        "db": "BID",
        "id": "18926"
      },
      {
        "db": "PACKETSTORM",
        "id": "48146"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3567"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-176"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-19675"
      },
      {
        "db": "BID",
        "id": "18926"
      },
      {
        "db": "PACKETSTORM",
        "id": "48146"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3567"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-176"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-07-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-19675"
      },
      {
        "date": "2006-07-10T00:00:00",
        "db": "BID",
        "id": "18926"
      },
      {
        "date": "2006-07-12T07:20:23",
        "db": "PACKETSTORM",
        "id": "48146"
      },
      {
        "date": "2006-07-13T01:05:00",
        "db": "NVD",
        "id": "CVE-2006-3567"
      },
      {
        "date": "2006-07-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200607-176"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-19675"
      },
      {
        "date": "2006-07-12T19:33:00",
        "db": "BID",
        "id": "18926"
      },
      {
        "date": "2018-10-18T16:48:00.923000",
        "db": "NVD",
        "id": "CVE-2006-3567"
      },
      {
        "date": "2006-07-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200607-176"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-176"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Juniper Networks DX System log Cross-site scripting vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-176"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-176"
      }
    ],
    "trust": 0.6
  }
}

GHSA-3575-8438-5GXJ

Vulnerability from github – Published: 2022-05-01 07:10 – Updated: 2022-05-01 07:10

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-3567"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-07-13T01:05:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in the web administration interface logging feature in Juniper Networks (Redline) DX 5.1.x, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the username login field.",
  "id": "GHSA-3575-8438-5gxj",
  "modified": "2022-05-01T07:10:25Z",
  "published": "2022-05-01T07:10:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3567"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27645"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/20990"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/1218"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1016462"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/27131"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/439758/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/18926"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/2741"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2006-3567

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2006-3567

Aliases

CVE-2006-3567

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-3567",
    "description": "Cross-site scripting (XSS) vulnerability in the web administration interface logging feature in Juniper Networks (Redline) DX 5.1.x, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the username login field.",
    "id": "GSD-2006-3567"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-3567"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in the web administration interface logging feature in Juniper Networks (Redline) DX 5.1.x, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the username login field.",
      "id": "GSD-2006-3567",
      "modified": "2023-12-13T01:19:57.872435Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-3567",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in the web administration interface logging feature in Juniper Networks (Redline) DX 5.1.x, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the username login field."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1016462",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1016462"
          },
          {
            "name": "ADV-2006-2741",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/2741"
          },
          {
            "name": "1218",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/1218"
          },
          {
            "name": "20060710 Juniper Networks DX Web Administration Persistent System Log XSS Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/439758/100/0/threaded"
          },
          {
            "name": "18926",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/18926"
          },
          {
            "name": "27131",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/27131"
          },
          {
            "name": "juniper-networks-logging-xss(27645)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27645"
          },
          {
            "name": "20990",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/20990"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:juniper:dx:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3567"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the web administration interface logging feature in Juniper Networks (Redline) DX 5.1.x, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the username login field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "18926",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/18926"
            },
            {
              "name": "1016462",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1016462"
            },
            {
              "name": "20990",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/20990"
            },
            {
              "name": "27131",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/27131"
            },
            {
              "name": "1218",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/1218"
            },
            {
              "name": "ADV-2006-2741",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/2741"
            },
            {
              "name": "juniper-networks-logging-xss(27645)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27645"
            },
            {
              "name": "20060710 Juniper Networks DX Web Administration Persistent System Log XSS Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/439758/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-18T16:48Z",
      "publishedDate": "2006-07-13T01:05Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-3567 (GCVE-0-2006-3567)

FKIE_CVE-2006-3567

VAR-200607-0333

GHSA-3575-8438-5GXJ

GSD-2006-3567

Tags

Sightings

Nomenclature