Junos OS: J-Web Session Fixation Vulnerability (JSA10961)
Severity: Medium
Nessus Plugin ID: 130519
Synopsis
The remote device is missing a vendor-supplied security patch.
Description
According to its self-reported version number, the remote Juniper Junos device is affected by a session fixation vulnerability in J-Web. This allows an unauthenticated, remote attacker to use social engineering techniques to fix and hijack a J-Web administrator's web session and potentially gain administrative access to the device.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Apply the relevant Junos software release referenced in Juniper advisory JSA10961.