Juniper Junos X-Frame-Options Clickjacking (JSA10675)
Severity: Medium
Nessus Plugin ID: 82796
Synopsis
The remote device is missing a vendor-supplied security patch.

Description
According to its self-reported version number, the remote Juniper Junos device is affected by a clickjacking vulnerability due to J-Web missing the 'X-Frame-Options' HTTP header. A remote attacker can exploit this to trick a user into executing administrative tasks.

Solution
Apply the relevant Junos software release or workaround referenced in Juniper advisory JSA10675.