Juniper Junos SRX Series Web Authentication XSS (JSA10640)
Medium Nessus Plugin ID 76507
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionAccording to its self-reported version number, the remote Junos device is affected by a reflected cross site scripting vulnerability. An attacker can exploit this to steal sensitive information or session credentials from firewall users.
Note that this issue only affects devices where Web Authentication is used for firewall user authentication
SolutionApply the relevant Junos software release or workaround referenced in Juniper advisory JSA10640.