Vulnerability-Lookup

CVE-2009-3486 (GCVE-0-2009-3486)

Vulnerability from cvelistv5 – Published: 2009-09-30 15:00 – Updated: 2024-09-17 00:42

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

GHSA-VPH7-V96R-WC7M

Vulnerability from github – Published: 2022-05-02 03:45 – Updated: 2022-05-02 03:45

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-3486"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-09-30T15:30:00Z",
    "severity": "LOW"
  },
  "details": "Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via the host parameter to (1) the pinghost program, reachable through the diagnose program; or (2) the traceroute program, reachable through the diagnose program; or (3) the probe-limit parameter to the configuration program; the (4) wizard-ids or (5) pager-new-identifier parameter in a firewall-filters action to the configuration program; (6) the cos-physical-interface-name parameter in a cos-physical-interfaces-edit action to the configuration program; the (7) wizard-args or (8) wizard-ids parameter in an snmp action to the configuration program; the (9) username or (10) fullname parameter in a users action to the configuration program; or the (11) certname or (12) certbody parameter in a local-cert (aka https) action to the configuration program.",
  "id": "GHSA-vph7-v96r-wc7m",
  "modified": "2022-05-02T03:45:32Z",
  "published": "2022-05-02T03:45:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3486"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36829"
    },
    {
      "type": "WEB",
      "url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-09"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/36537"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/2784"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2009-3486

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-3486

Aliases

CVE-2009-3486

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-3486",
    "description": "Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via the host parameter to (1) the pinghost program, reachable through the diagnose program; or (2) the traceroute program, reachable through the diagnose program; or (3) the probe-limit parameter to the configuration program; the (4) wizard-ids or (5) pager-new-identifier parameter in a firewall-filters action to the configuration program; (6) the cos-physical-interface-name parameter in a cos-physical-interfaces-edit action to the configuration program; the (7) wizard-args or (8) wizard-ids parameter in an snmp action to the configuration program; the (9) username or (10) fullname parameter in a users action to the configuration program; or the (11) certname or (12) certbody parameter in a local-cert (aka https) action to the configuration program.",
    "id": "GSD-2009-3486"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-3486"
      ],
      "details": "Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via the host parameter to (1) the pinghost program, reachable through the diagnose program; or (2) the traceroute program, reachable through the diagnose program; or (3) the probe-limit parameter to the configuration program; the (4) wizard-ids or (5) pager-new-identifier parameter in a firewall-filters action to the configuration program; (6) the cos-physical-interface-name parameter in a cos-physical-interfaces-edit action to the configuration program; the (7) wizard-args or (8) wizard-ids parameter in an snmp action to the configuration program; the (9) username or (10) fullname parameter in a users action to the configuration program; or the (11) certname or (12) certbody parameter in a local-cert (aka https) action to the configuration program.",
      "id": "GSD-2009-3486",
      "modified": "2023-12-13T01:19:48.862742Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-3486",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via the host parameter to (1) the pinghost program, reachable through the diagnose program; or (2) the traceroute program, reachable through the diagnose program; or (3) the probe-limit parameter to the configuration program; the (4) wizard-ids or (5) pager-new-identifier parameter in a firewall-filters action to the configuration program; (6) the cos-physical-interface-name parameter in a cos-physical-interfaces-edit action to the configuration program; the (7) wizard-args or (8) wizard-ids parameter in an snmp action to the configuration program; the (9) username or (10) fullname parameter in a users action to the configuration program; or the (11) certname or (12) certbody parameter in a local-cert (aka https) action to the configuration program."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-09",
            "refsource": "MISC",
            "url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-09"
          },
          {
            "name": "ADV-2009-2784",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/2784"
          },
          {
            "name": "36537",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/36537"
          },
          {
            "name": "36829",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/36829"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:8.5:r1.14:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-3486"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via the host parameter to (1) the pinghost program, reachable through the diagnose program; or (2) the traceroute program, reachable through the diagnose program; or (3) the probe-limit parameter to the configuration program; the (4) wizard-ids or (5) pager-new-identifier parameter in a firewall-filters action to the configuration program; (6) the cos-physical-interface-name parameter in a cos-physical-interfaces-edit action to the configuration program; the (7) wizard-args or (8) wizard-ids parameter in an snmp action to the configuration program; the (9) username or (10) fullname parameter in a users action to the configuration program; or the (11) certname or (12) certbody parameter in a local-cert (aka https) action to the configuration program."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2009-2784",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/2784"
            },
            {
              "name": "36829",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/36829"
            },
            {
              "name": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-09",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-09"
            },
            {
              "name": "36537",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/36537"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2009-10-05T04:00Z",
      "publishedDate": "2009-09-30T15:30Z"
    }
  }
}

VAR-200909-0227

Vulnerability from variot - Updated: 2025-04-10 23:06

Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via the host parameter to (1) the pinghost program, reachable through the diagnose program; or (2) the traceroute program, reachable through the diagnose program; or (3) the probe-limit parameter to the configuration program; the (4) wizard-ids or (5) pager-new-identifier parameter in a firewall-filters action to the configuration program; (6) the cos-physical-interface-name parameter in a cos-physical-interfaces-edit action to the configuration program; the (7) wizard-args or (8) wizard-ids parameter in an snmp action to the configuration program; the (9) username or (10) fullname parameter in a users action to the configuration program; or the (11) certname or (12) certbody parameter in a local-cert (aka https) action to the configuration program. Juniper JUNOS of J-Web The interface contains a cross-site scripting vulnerability.Depending on the remote authenticated user, host Any via parameter Web Script or HTML May be inserted. Juniper Networks JUNOS is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data to J-Web (Juniper Web Management). Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible. This issue affects the following: J-Web 8.5R1.14 J-Web 9.0R1.1. JUNOS is prone to a cross-site scripting vulnerability. ----------------------------------------------------------------------

Do you have VARM strategy implemented?

(Vulnerability Assessment Remediation Management)

If not, then implement it through the most reliable vulnerability intelligence source on the market.

Implement it through Secunia.

For more information visit: http://secunia.com/advisories/business_solutions/

Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com

TITLE: Juniper JUNOS JWeb Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA36829

VERIFY ADVISORY: http://secunia.com/advisories/36829/

DESCRIPTION: Some vulnerabilities have been reported in Juniper JUNOS, which can be exploited by malicious people to conduct cross-site scripting attacks and by malicious users to conduct script insertion attacks.

1) Input passed via the URL to the JWeb administrative web interface is not properly sanitised before being returned to the user.

2) Input passed via multiple parameters to the JWeb administrative web interface is not properly sanitised before being returned to the user.

The following parameters passed to the following scripts are reportedly affected: * "host" to /diagnose?m[]=pinghost and /diagnose?m[]=traceroute * "probe-limit" to /configuration?m[]=wizards&m[]=rpm * "wizard_ids" and "pager-new-identifier" to /configuration?m[]=wizards&m[]=firewall-acl&m[]=firewall-filters * "os-physical-interface-name" to /configuration?m[]=wizards&m[]=cos&m[]=cos-interfaces * "wizard-args" and "wizard-ids" to /configuration?m[]=wizards&m[]=snmp * "username" and "fullname" to /configuration?m[]=wizards&m[]=users * "certname" and "certbody" to /configuration?m[]=wizards&m[]=https

3) Input passed via multiple parameters to the JWeb administrative web interface is not properly sanitised before being returned to the user.

The following parameters passed to the following scripts are reportedly affected: * "JEXEC_OUTID" to /jexec?JEXEC_MODE=JEXEC_MODE_RELAY_OUTPUT&JEXEC_RPC=request-background-task-start-junoscript * "act" to /scripter.php?debug=1&ifid=1&refresh-time=1 * "refresh-time" to /scripter.php * "ifid" to /scripter?act=header * "revision" to /configuration?m[]=history&action=rollback * "m[]" to /monitor, /manage, /events, /configuration, /alarms, and / " "wizard-next" to /configuration?m[]=wizards&m[]=https

4) Input passed via the "Contact Information", "System Description", "Local Engine ID", "System Location", and "System Name Override" fields to /configuration?m[]=wizards&m[]=snmp&start=true is not properly sanitised before being stored.

Vulnerability #1 is reported in JWeb version 8.5R1.14 and 9.0R1.1. Vulnerabilities #2 through #4 are reported in version 8.5R1.14.

SOLUTION: Filter malicious characters and character sequences in a web proxy.

PROVIDED AND/OR DISCOVERED BY: 1, 2) Amir Azam of ProCheckUp Ltd 3, 4) Richard Brain of ProCheckUp Ltd

ORIGINAL ADVISORY: http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-08 http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-09 http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-10

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200909-0227",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "junos",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "8.5"
      },
      {
        "model": "junos os",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "8.5r1.14"
      },
      {
        "model": "networks junos r1.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "9.0"
      },
      {
        "model": "networks junos r1.14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "8.5"
      },
      {
        "model": "junos r1.14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "8.5"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "36537"
      },
      {
        "db": "BID",
        "id": "80431"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-005014"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200910-075"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3486"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:juniper:junos",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-005014"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Amir Azam, Richard Brain",
    "sources": [
      {
        "db": "BID",
        "id": "36537"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200910-075"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2009-3486",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "CVE-2009-3486",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "VHN-40932",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2009-3486",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "NVD",
            "id": "CVE-2009-3486",
            "trust": 0.8,
            "value": "Low"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200910-075",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-40932",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-40932"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-005014"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200910-075"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3486"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via the host parameter to (1) the pinghost program, reachable through the diagnose program; or (2) the traceroute program, reachable through the diagnose program; or (3) the probe-limit parameter to the configuration program; the (4) wizard-ids or (5) pager-new-identifier parameter in a firewall-filters action to the configuration program; (6) the cos-physical-interface-name parameter in a cos-physical-interfaces-edit action to the configuration program; the (7) wizard-args or (8) wizard-ids parameter in an snmp action to the configuration program; the (9) username or (10) fullname parameter in a users action to the configuration program; or the (11) certname or (12) certbody parameter in a local-cert (aka https) action to the configuration program. Juniper JUNOS of J-Web The interface contains a cross-site scripting vulnerability.Depending on the remote authenticated user, host Any via parameter Web Script or HTML May be inserted. Juniper Networks JUNOS is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data to J-Web (Juniper Web Management). \nAttacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible. \nThis issue affects the following:\nJ-Web 8.5R1.14\nJ-Web 9.0R1.1. JUNOS is prone to a cross-site scripting vulnerability. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management)  \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\nFor more information visit:\nhttp://secunia.com/advisories/business_solutions/\n\nAlternatively request a call from a Secunia representative today to\ndiscuss how we can help you with our capabilities contact us at:\nsales@secunia.com\n\n----------------------------------------------------------------------\n\nTITLE:\nJuniper JUNOS JWeb Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA36829\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/36829/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Juniper JUNOS, which can\nbe exploited by malicious people to conduct cross-site scripting\nattacks and by malicious users to conduct script insertion attacks. \n\n1) Input passed via the URL to the JWeb administrative web interface\nis not properly sanitised before being returned to the user. \n\n2) Input passed via multiple parameters to the JWeb administrative\nweb interface is not properly sanitised before being returned to the\nuser. \n\nThe following parameters passed to the following scripts are\nreportedly affected:\n* \"host\" to /diagnose?m[]=pinghost and /diagnose?m[]=traceroute\n* \"probe-limit\" to /configuration?m[]=wizards\u0026m[]=rpm\n* \"wizard_ids\" and \"pager-new-identifier\" to\n/configuration?m[]=wizards\u0026m[]=firewall-acl\u0026m[]=firewall-filters\n* \"os-physical-interface-name\" to\n/configuration?m[]=wizards\u0026m[]=cos\u0026m[]=cos-interfaces\n* \"wizard-args\" and \"wizard-ids\" to\n/configuration?m[]=wizards\u0026m[]=snmp\n* \"username\" and \"fullname\" to /configuration?m[]=wizards\u0026m[]=users\n* \"certname\" and \"certbody\" to /configuration?m[]=wizards\u0026m[]=https\n\n3) Input passed via multiple parameters to the JWeb administrative\nweb interface is not properly sanitised before being returned to the\nuser. \n\nThe following parameters passed to the following scripts are\nreportedly affected:\n* \"JEXEC_OUTID\" to\n/jexec?JEXEC_MODE=JEXEC_MODE_RELAY_OUTPUT\u0026JEXEC_RPC=request-background-task-start-junoscript\n* \"act\" to /scripter.php?debug=1\u0026ifid=1\u0026refresh-time=1\n* \"refresh-time\" to /scripter.php\n* \"ifid\" to /scripter?act=header\n* \"revision\" to /configuration?m[]=history\u0026action=rollback\n* \"m[]\" to /monitor, /manage, /events, /configuration, /alarms, and\n/\n\" \"wizard-next\" to /configuration?m[]=wizards\u0026m[]=https\n\n4) Input passed via the \"Contact Information\", \"System Description\",\n\"Local Engine ID\", \"System Location\", and \"System Name Override\"\nfields to /configuration?m[]=wizards\u0026m[]=snmp\u0026start=true is not\nproperly sanitised before being stored. \n\nVulnerability #1 is reported in JWeb version 8.5R1.14 and 9.0R1.1. \nVulnerabilities #2 through #4 are reported in version 8.5R1.14. \n\nSOLUTION:\nFilter malicious characters and character sequences in a web proxy. \n\nPROVIDED AND/OR DISCOVERED BY:\n1, 2) Amir Azam of ProCheckUp Ltd\n3, 4) Richard Brain of ProCheckUp Ltd\n\nORIGINAL ADVISORY:\nhttp://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-08\nhttp://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-09\nhttp://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-10\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-3486"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-005014"
      },
      {
        "db": "BID",
        "id": "36537"
      },
      {
        "db": "BID",
        "id": "80431"
      },
      {
        "db": "VULHUB",
        "id": "VHN-40932"
      },
      {
        "db": "PACKETSTORM",
        "id": "81711"
      }
    ],
    "trust": 2.34
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-40932",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-40932"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2009-3486",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "36537",
        "trust": 2.3
      },
      {
        "db": "SECUNIA",
        "id": "36829",
        "trust": 1.8
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-2784",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-005014",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200910-075",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "80431",
        "trust": 0.4
      },
      {
        "db": "EXPLOIT-DB",
        "id": "33259",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "33258",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-86495",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-86494",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-40932",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "81711",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-40932"
      },
      {
        "db": "BID",
        "id": "36537"
      },
      {
        "db": "BID",
        "id": "80431"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-005014"
      },
      {
        "db": "PACKETSTORM",
        "id": "81711"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200910-075"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3486"
      }
    ]
  },
  "id": "VAR-200909-0227",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-40932"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-10T23:06:56.618000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.juniper.net/us/en/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-005014"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-40932"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-005014"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3486"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-09"
      },
      {
        "trust": 2.0,
        "url": "http://www.securityfocus.com/bid/36537"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/36829"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2009/2784"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3486"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3486"
      },
      {
        "trust": 0.4,
        "url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-08"
      },
      {
        "trust": 0.4,
        "url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-10"
      },
      {
        "trust": 0.3,
        "url": "http://www.juniper.net/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/36829/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/business_solutions/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-40932"
      },
      {
        "db": "BID",
        "id": "36537"
      },
      {
        "db": "BID",
        "id": "80431"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-005014"
      },
      {
        "db": "PACKETSTORM",
        "id": "81711"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200910-075"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3486"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-40932"
      },
      {
        "db": "BID",
        "id": "36537"
      },
      {
        "db": "BID",
        "id": "80431"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-005014"
      },
      {
        "db": "PACKETSTORM",
        "id": "81711"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200910-075"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3486"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-09-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-40932"
      },
      {
        "date": "2009-09-22T00:00:00",
        "db": "BID",
        "id": "36537"
      },
      {
        "date": "2009-09-30T00:00:00",
        "db": "BID",
        "id": "80431"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-005014"
      },
      {
        "date": "2009-09-29T12:47:23",
        "db": "PACKETSTORM",
        "id": "81711"
      },
      {
        "date": "2009-09-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200910-075"
      },
      {
        "date": "2009-09-30T15:30:00.500000",
        "db": "NVD",
        "id": "CVE-2009-3486"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-10-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-40932"
      },
      {
        "date": "2009-09-29T16:40:00",
        "db": "BID",
        "id": "36537"
      },
      {
        "date": "2009-09-30T00:00:00",
        "db": "BID",
        "id": "80431"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-005014"
      },
      {
        "date": "2009-10-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200910-075"
      },
      {
        "date": "2025-04-09T00:30:58.490000",
        "db": "NVD",
        "id": "CVE-2009-3486"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "36537"
      },
      {
        "db": "BID",
        "id": "80431"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Juniper JUNOS of  J-Web Interface cross-site scripting vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-005014"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "81711"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200910-075"
      }
    ],
    "trust": 0.7
  }
}

FKIE_CVE-2009-3486

Vulnerability from fkie_nvd - Published: 2009-09-30 15:30 - Updated: 2026-04-23 00:35

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/36829	Vendor Advisory
cve@mitre.org	http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-09	Exploit
cve@mitre.org	http://www.securityfocus.com/bid/36537	Exploit
cve@mitre.org	http://www.vupen.com/english/advisories/2009/2784	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36829	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-09	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/36537	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/2784	Vendor Advisory

Impacted products

	Vendor	Product	Version
	juniper	junos	8.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:juniper:junos:8.5:r1.14:*:*:*:*:*:*",
              "matchCriteriaId": "4D5C18F9-DAA8-4F1A-8A5E-9A544C607624",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via the host parameter to (1) the pinghost program, reachable through the diagnose program; or (2) the traceroute program, reachable through the diagnose program; or (3) the probe-limit parameter to the configuration program; the (4) wizard-ids or (5) pager-new-identifier parameter in a firewall-filters action to the configuration program; (6) the cos-physical-interface-name parameter in a cos-physical-interfaces-edit action to the configuration program; the (7) wizard-args or (8) wizard-ids parameter in an snmp action to the configuration program; the (9) username or (10) fullname parameter in a users action to the configuration program; or the (11) certname or (12) certbody parameter in a local-cert (aka https) action to the configuration program."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en (XSS) la interface J-Web en Juniper JUNOS v8.5R1.14 permite a usuarios autenticados remotamente ejecutar c\u00f3digo web y HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro host en (1) el programa pinghost, accesible a trav\u00e9s del programa diagnose; o (2) el programa traceroute, accesible a trav\u00e9s del programa diagnose; o (3)el par\u00e1metro probe-limit en el programa configuration; los (4) par\u00e1metros wizard-ids o (5)par\u00e1metro pager-new-identifier en una acci\u00f3n firewall-filters en el programa configuration (6) par\u00e1metro the cos-physical-interface-name en una acci\u00f3n cos-physical-interfaces-edit en el programa configuration; los par\u00e1metros (7) wizard-args o (8) wizard-ids en una acci\u00f3n snmp en el programa configuration; los par\u00e1metros(9) username o (10) fullname en una acci\u00f3n users en el programa configuration; o los par\u00e1metros (11) certname o (12) certbody en una acci\u00f3n local-cert (como https) en el programa configuration."
    }
  ],
  "id": "CVE-2009-3486",
  "lastModified": "2026-04-23T00:35:47.467",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-09-30T15:30:00.500",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36829"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-09"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/36537"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2784"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36829"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-09"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/36537"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2784"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-3486 (GCVE-0-2009-3486)

GHSA-VPH7-V96R-WC7M

GSD-2009-3486

VAR-200909-0227

FKIE_CVE-2009-3486

Tags

Sightings

Nomenclature