Cross-Site Scripting vulnerability in Juniper NetScreen 5GT Antivirus HTTP Engine (supersedes PSN-2004-06-009)

  [JSA10329]

Legacy Advisory Id:
Product Affected:
Juniper NetScreen 5GT firewalls running ScreenOS 5.0.0r1 - 5.0.0r7
The antivirus scan engine in the Juniper Networks NetScreen 5GT firewall is susceptible to an HTTP cross-site scripting vulnerability.
When a user downloads Internet content using a Web browser, the antivirus scan engine scans the contents for viruses. If the file is a zip archive, the scan engine examines the member files within the archive. When a virus is detected, the user is presented with a virus notification dialog containing the name of the infected archive member. If an attacker manually crafts a zip archive containing a virus-infected file with a specially formatted filename, the notification dialog could present a cross-site scripting vulnerability.
The antivirus scan engine has been modified to remove this vulnerability.
Upgrade to ScreenOS 5.0.0r8, which fixes this issue. Customers unable to upgrade to 5.0.0r8 at this time can disable HTTP protocol scanning in the Scan Manager.
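
The class of flaw described above, as an added example (not Juniper's code; the advisory does not say how the engine was changed): an archive member name is untrusted input, so a notification page must HTML-encode it before display. The function names, the marker bytes standing in for a signature match, and the sample archive are all constructed for illustration.

```python
import html
import io
import zipfile

# Constructed stand-in for a scan-engine signature match (assumption).
FLAGGED_MARKER = b"CONSTRUCTED-TEST-SIGNATURE"


def build_sample_archive():
    """Build an in-memory zip whose flagged member has markup in its name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", b"clean content")
        # Constructed member name containing HTML metacharacters.
        zf.writestr('<i>sample".com', FLAGGED_MARKER)
    return buf.getvalue()


def flagged_members(archive):
    """Return names of archive members whose content matches the marker."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return [n for n in zf.namelist() if FLAGGED_MARKER in zf.read(n)]


def render_unescaped(name):
    """Flawed pattern: the member name is placed into the page as-is."""
    return "<p>Virus detected in archive member: " + name + "</p>"


def render_escaped(name):
    """Hardened pattern: the member name is HTML-encoded before display."""
    safe = html.escape(name, quote=True)
    return "<p>Virus detected in archive member: " + safe + "</p>"


if __name__ == "__main__":
    for member in flagged_members(build_sample_archive()):
        print("unescaped:", render_unescaped(member))
        print("escaped:  ", render_escaped(member))
```

In the unescaped output the browser would parse the member name as markup; in the escaped output it is displayed as literal text.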
Related Links:
Severity Level: