Knowledge Search


×
 

Cross-Site Scripting vulnerability in Juniper NetScreen 5GT Antivirus HTTP Engine (supersedes PSN-2004-06-009)

  [JSA10329] Show Article Properties


Legacy Advisory Id:
PSN-2004-06-011
Product Affected:
Juniper NetScreen 5GT firewalls running ScreenOS 5.0.0r1 - 5.0.0r7
Problem:
The antivirus scan engine in the Juniper Networks NetScreen 5GT firewall is susceptible to an HTTP cross-site scripting vulnerability.
When a user downloads Internet content using a Web browser, the antivirus scan engine scans the contents for viruses. If the file is a zip archive, the scan engine examines the member files within the archive. When a virus is detected, the user is presented with a virus notification dialog containing the name of the infected archive member. If an attacker manually crafts a zip archive containing a virus-infected file with a specially formatted filename, the notification dialog could present a cross-site scripting vulnerability.
Solution:
The antivirus scan engine has been modified to remove this vulnerability.
Implementation:
Upgrade to ScreenOS 5.0.0r8, which fixes this issue. Customers unable to upgrade to 5.0.0r8 at this time can disable HTTP protocol scanning in the Scan Manager.
Related Links:
Risk Level:
Medium