Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 HTTP:XSS:HTML-SCRIPT-IN-COOKIE

Severity

 Major

Recommended

 Yes

Category

 HTTP

Keywords

 HTML Script Tag Embedded in Cookie

Release Date

 2009/11/24

Update Number

 1551

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: HTML Script Tag Embedded in Cookie


This signature detects attempts at cross-site scripting attacks. Attackers can create a malicious Web site that includes HTML embedded in the hyperlinks, which can violate site security settings. A victim that accesses these hyperlinks can allow the attacker to view the victim's Web cookies. Web cookies typically contain sensitive information.

Extended Description

Computer Associates SiteMinder Web Agent is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue allows attackers to execute arbitrary HTML or script code in a user's browser session in the context of an affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. We were not told which versions are affected. We will update this BID as more information emerges.

Affected Products

  • Computer_associates siteminder 6.0
  • Computer_associates siteminder
  • Computer_associates siteminder_web_agent

References

  • BugTraq: 26375
  • CERT: CA-2000-02
  • CVE: CVE-2007-5923
  • CVE: CVE-2015-1628

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out