03-02-04 XSS Bug in NetScreen-SA 5000 Series of SSL VPN appliance
From: "Lachniet, Mark" <mlachniet () sequoianet com>
Date: Tue, 2 Mar 2004 09:03:26 -0500
TITLE: 03-02-04 XSS Bug in NetScreen-SA 5000 Series of SSL VPN
Cross Site Scripting bug in the 'delhomepage.cgi' CGI binary in the
NetScreen-SA 5000 Series SSL VPN appliance.
There exists a cross-site scripting bug in 'row' parameter of the
'delhomepage.cgi' CGI binary. This bug was discovered on an appliance
known as an "A5030-Clustered pair" running firmware version 3.3 Patch
(build 4797). The vulnerability may exist in other versions. This
may result in the theft of credentials such as session cookies, allow
hostile client-side scripts to run with unintended access privileges,
provide a means for a "phishing" attack. For more detailed
of Cross Site Scripting and its implications, please refer to
The 'delhomepage.cgi' is accessible only by authenticated users.
Upgrade to the patched version of IVE software. Contact Netscreen
The issue was discovered by Mark Lachniet of Analysts International
[lachniet -=at=- analysts.com] during a security analysis of the web
application interface of the device. Analysts International's
team provides a variety of security services and can be reached at
[SecurityServices -=at=- analysts.com].
The maintainer of the Netscreen IVE SSL VPN Appliance is the Netscreen
Corporation [http://www.netscreen.com]. The following information
security at Netscreen is taken from the Security Center web page at:
"Please report any potential or real instances of a security
(with any NetScreen product or service) to the NetScreen Security
Team at security () netscreen com. For
immediate assistance, TAC is available
24 hours a day by calling 1-877-NETSCREEN."
In the opinion of the author, the Netscreen corporation responded
efficiently to this issue, and clearly takes the security of their
seriously. Netscreen should be commended for their prompt and
handling of the issue.
DATE OF CONTACT
2/6/2004 - Sent E-Mail to Sriram Ramachandran [SRamachandran -=at=-
and received response. Immediately discussed issue via conference
The bug was confirmed by the Netscreen staff.
2/7/2004 - Draft advisory sent to Netscreen support staff
2/9/2004 - Ongoing dialog with Netscreen on issue
2/11/2004 - Ongoing dialog with Netscreen on issue
2/18/2004 - Ongoing dialog with Netscreen on issue
2/23/2004 - Ongoing dialog with Netscreen on issue
2/25/2004 - Advisory updated based on vendor response
3/02/2004 - Final advisory released
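
Added example, not part of the original advisory or any vendor code: a Python sketch for defenders reviewing web access logs for requests to 'delhomepage.cgi' whose 'row' parameter decodes to HTML markup characters. The log format, the placeholder URL path and the sample lines are constructed assumptions; the advisory gives neither the CGI's path nor the expected form of 'row'.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed access-log lines; the URL path is a placeholder, not the appliance's real one.
SAMPLE_LOG = """\
10.0.0.5 - alice [02/Mar/2004:09:01:10 -0500] "GET /PLACEHOLDER/delhomepage.cgi?row=3 HTTP/1.1" 200 512
10.0.0.7 - bob [02/Mar/2004:09:02:44 -0500] "GET /PLACEHOLDER/delhomepage.cgi?row=%3Ci%3Eprobe%3C%2Fi%3E HTTP/1.1" 200 540
10.0.0.9 - carol [02/Mar/2004:09:03:02 -0500] "GET /PLACEHOLDER/delhomepage.cgi?row=%253Cb%253E HTTP/1.1" 200 530
10.0.0.9 - carol [02/Mar/2004:09:03:30 -0500] "GET /PLACEHOLDER/other.cgi?row=%3Cb%3E HTTP/1.1" 200 100
"""

REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
MARKUP_RE = re.compile(r"[<>\"']")  # characters that can break out into HTML or an attribute


def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %253C -> %3C -> <), bounded to avoid looping."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_row_requests(log_text):
    """Return (client, decoded_row) for delhomepage.cgi requests whose 'row' holds markup."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group("target"))
        if url.path.rsplit("/", 1)[-1].lower() != "delhomepage.cgi":
            continue
        # parse_qs decodes once; fully_decode catches double-encoded values.
        for value in parse_qs(url.query, keep_blank_values=True).get("row", []):
            decoded = fully_decode(value)
            if MARKUP_RE.search(decoded):
                hits.append((line.split()[0], decoded))
    return hits


if __name__ == "__main__":
    for client, row in suspicious_row_requests(SAMPLE_LOG):
        print(f"{client}: row={row!r}")
```

This only sees values carried in the request URL; parameters sent in a POST body do not appear in a standard access log and need inspection at a proxy or on the appliance itself.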