[STRM] The 'possible CSRF attack detected' log entry is generated on STRM



Article ID: KB25513 KB Last Updated: 06 Sep 2012 Version: 1.0
This article describes how incorrect session data can trigger a warning about a CSRF attack on the STRM GUI.

Typical log entry:
Aug 6 12:40:08 IP_ADDRESS [tomcat] [gmuthusamy001@IP_ADDRESS (4139187) /console/JSON-RPC/QRadar.getAlertMessages] com.q1labs.core.ui.servlet.RemoteJavaScript: [WARN] [NOT:0000004000][IP_ADDRESS/- -] [-/- -]Current session is CE63AB16DB0B248EF138EAD597724D1D, provided session was 92608661-6137-4732-bd96-6d373861b6aa, possible CSRF attack detected using host IP_ADDRESS
This error is usually triggered by the client browser, which keeps old (incorrect) session data cached after a STRM upgrade.
To resolve this issue, clear the cookies and cache on the client browser. This action is currently advised after every system upgrade on all client workstations that access the STRM GUI.
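As an added example (not from the Juniper article or from STRM itself), the following Python sketch extracts these warnings from log lines and groups them by user and client address, so an administrator can list the workstations whose browsers still present old session data after an upgrade. The regular expression is derived only from the single log entry shown above; the function names, sample lines, user names, addresses and session values are constructed for illustration.

```python
import re
from collections import defaultdict

# Pattern derived from the one log entry shown in the article. The layout in
# other STRM releases, and reading the address after "@" as the browser's
# address, are assumptions of this example.
CSRF_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+\[tomcat\]\s+"
    r"\[(?P<user>[^@\s]+)@(?P<client>\S+)\s+\(\d+\)\s+(?P<endpoint>[^\]\s]+)\]"
    r".*?Current session is (?P<current>[^,\s]+), "
    r"provided session was (?P<provided>[^,\s]+), "
    r"possible CSRF attack detected using host (?P<host>\S+)"
)

def parse_csrf_warning(line):
    """Return the fields of one warning as a dict, or None for any other line."""
    m = CSRF_RE.search(line)
    return m.groupdict() if m else None

def summarize(lines):
    """Group warnings by (user, client): count, provided sessions, first/last seen."""
    groups = defaultdict(lambda: {"count": 0, "provided": set(), "first": None, "last": None})
    for line in lines:
        rec = parse_csrf_warning(line)
        if rec is None:
            continue
        g = groups[(rec["user"], rec["client"])]
        g["count"] += 1
        g["provided"].add(rec["provided"])   # session value the browser sent
        g["first"] = g["first"] or rec["ts"]  # timestamps kept in file order
        g["last"] = rec["ts"]
    return dict(groups)

def sample_line(ts, user, client, current, provided):
    # Constructed line in the article's layout (documentation addresses, made-up IDs).
    return (f"{ts} 198.51.100.5 [tomcat] [{user}@{client} (4139187) "
            "/console/JSON-RPC/QRadar.getAlertMessages] "
            "com.q1labs.core.ui.servlet.RemoteJavaScript: [WARN] [NOT:0000004000]"
            f"[198.51.100.5/- -] [-/- -]Current session is {current}, provided session "
            f"was {provided}, possible CSRF attack detected using host {client}")

SAMPLE = [
    sample_line("Aug 6 12:40:08", "analyst1", "192.0.2.10", "AAAA1111", "old-session-0001"),
    sample_line("Aug 6 12:41:10", "analyst1", "192.0.2.10", "AAAA1111", "old-session-0001"),
    sample_line("Aug 6 12:45:00", "analyst2", "192.0.2.20", "BBBB2222", "old-session-0002"),
    "Aug 6 12:46:00 198.51.100.5 [tomcat] unrelated line",
]

if __name__ == "__main__":
    for (user, client), g in summarize(SAMPLE).items():
        print(user, client, g["count"], g["first"], g["last"], sorted(g["provided"]))
```

Comparing the first-seen time of each group with the time of the upgrade shows whether the warnings fit the stale-cache cause described above; warnings that continue after the browser's cookies and cache have been cleared need separate investigation.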