Juniper Junos SRX Series Web Authentication XSS (JSA10640)

Medium Nessus Plugin ID 76507


The remote device is missing a vendor-supplied security patch.


According to its self-reported version number, the remote Junos device is affected by a reflected cross site scripting vulnerability. An attacker can exploit this to steal sensitive information or session credentials from firewall users.

Note that this issue only affects devices where Web Authentication is used for firewall user authentication


Apply the relevant Junos software release or workaround referenced in Juniper advisory JSA10640.

See Also

Plugin Details

Severity: Medium

ID: 76507

File Name: juniper_jsa10640.nasl

Version: 1.9

Type: combined

Published: 2014/07/15

Modified: 2017/05/16

Dependencies: 55932

Risk Information

Risk Factor: Medium


Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:juniper:junos

Required KB Items: Host/Juniper/model, Host/Juniper/JUNOS/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/07/09

Vulnerability Publication Date: 2014/07/09

Reference Information

CVE: CVE-2014-3821

BID: 68548

OSVDB: 108940

JSA: JSA10640

CWE: 20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990