ID

VAR-201006-0427


CVE

CVE-2010-2289


TITLE

Open redirect vulnerability in dana/home/homepage.cgi in Juniper Networks IVE

Trust: 0.8

sources: JVNDB: JVNDB-2010-004877

DESCRIPTION

Open redirect vulnerability in dana/home/homepage.cgi in Juniper Networks IVE 6.5R1 (Build 14599) and 6.5R2 (Build 14951) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the Location parameter. Juniper Networks IVE OS is prone to an open-redirection vulnerability because the application fails to properly sanitize user-supplied input. A successful exploit may aid in phishing attacks; other attacks are also possible. IVE OS 6.5R1.0 and 6.5R2.0 are vulnerable; prior versions may also be affected.

TITLE: Juniper IVE OS Redirection Weakness

SECUNIA ADVISORY ID: SA40117

VERIFY ADVISORY: http://secunia.com/advisories/40117/

RELEASE DATE: 2010-06-11

DESCRIPTION: Richard Brain has reported a weakness in Juniper IVE OS, which can be exploited by malicious people to conduct redirection attacks. The weakness is caused by the homepage.cgi script allowing users to be redirected to a site specified by an attacker. This can be exploited to e.g. redirect users to an (untrusted) fake site. The weakness is reported in version 6.5R1 (Build 14599) and version 6.5R2 (Build 14951) using Model SA-2000.

SOLUTION: Update to version 6.5R3.1 (build 15255).

PROVIDED AND/OR DISCOVERED BY: Richard Brain, ProCheckUp Ltd

ORIGINAL ADVISORY:
Juniper: http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2010-05-751&viewMode=view
ProCheckUp Ltd: http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-17
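The flaw above is a redirect target taken straight from the Location parameter. As an added example that is not part of this record or of Juniper's code, the following shows the kind of allowlist check that closes an open redirect, and a scan over constructed access-log lines that flags requests to dana/home/homepage.cgi whose Location value points off-host. The common-log-format layout, the function names and the hostnames are assumptions for the example.

```python
# Added example, not the vendor's code: a same-origin check for a redirect
# parameter plus a log scan for off-host Location values on homepage.cgi.
from urllib.parse import urlsplit, parse_qs, unquote

def is_safe_redirect(location: str) -> bool:
    """Accept only a relative path on the current host.

    Rejects absolute URLs (scheme or netloc present), protocol-relative
    '//host' forms, backslash variants that browsers normalise to '/',
    and control characters that could split a response header.
    """
    if not location:
        return False
    value = unquote(location)
    if any(ord(c) < 0x20 for c in value):
        return False
    value = value.replace("\\", "/")
    parts = urlsplit(value)
    if parts.scheme or parts.netloc:
        return False
    return value.startswith("/") and not value.startswith("//")

def suspicious_redirect_requests(log_lines):
    """Return (client_ip, location) for homepage.cgi hits with an off-host Location."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 7:
            continue
        client, request_path = fields[0], fields[6]   # common log format
        url = urlsplit(request_path)
        if not url.path.endswith("dana/home/homepage.cgi"):
            continue
        for loc in parse_qs(url.query).get("Location", []):
            if not is_safe_redirect(loc):
                hits.append((client, loc))
    return hits

# Constructed sample lines; phish.example is a placeholder host.
SAMPLE_LOG = [
    '10.0.0.5 - - [11/Jun/2010:10:00:00 +0000] "GET /dana/home/homepage.cgi?Location=/dana/home/index.cgi HTTP/1.1" 302 0',
    '10.0.0.9 - - [11/Jun/2010:10:01:00 +0000] "GET /dana/home/homepage.cgi?Location=http://phish.example/login HTTP/1.1" 302 0',
    '10.0.0.7 - - [11/Jun/2010:10:02:00 +0000] "GET /dana/home/homepage.cgi?Location=//phish.example/ HTTP/1.1" 302 0',
    '10.0.0.8 - - [11/Jun/2010:10:03:00 +0000] "GET /dana/home/starter.cgi?Location=http://phish.example/ HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for client, loc in suspicious_redirect_requests(SAMPLE_LOG):
        print(f"{client} requested redirect to {loc!r}")
```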

Trust: 2.07

sources: NVD: CVE-2010-2289 // JVNDB: JVNDB-2010-004877 // BID: 40729 // VULHUB: VHN-44894 // PACKETSTORM: 90488

AFFECTED PRODUCTS

vendor: juniper, model: secure access, scope: eq, version: 6.5

Trust: 1.6

vendor: juniper, model: secure access, scope: eq, version: 6.5r1 (build 14599) and 6.5r2 (build 14951)

Trust: 0.8

vendor: juniper, model: ive os 6.5r2, scope: -, version: -

Trust: 0.3

vendor: juniper, model: ive os 6.5r1, scope: -, version: -

Trust: 0.3

vendor: juniper, model: ive os 6.5r3.1, scope: ne, version: -

Trust: 0.3

sources: BID: 40729 // JVNDB: JVNDB-2010-004877 // CNNVD: CNNVD-201006-249 // NVD: CVE-2010-2289

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-2289
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-2289
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201006-249
value: MEDIUM

Trust: 0.6

VULHUB: VHN-44894
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-2289
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-44894
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-44894 // JVNDB: JVNDB-2010-004877 // CNNVD: CNNVD-201006-249 // NVD: CVE-2010-2289

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-44894 // JVNDB: JVNDB-2010-004877 // NVD: CVE-2010-2289

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201006-249

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201006-249

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-004877

PATCH

title: Top Page
url: http://www.juniper.net/us/en/

Trust: 0.8

sources: JVNDB: JVNDB-2010-004877

EXTERNAL IDS

db: NVD, id: CVE-2010-2289

Trust: 2.8

db: BID, id: 40729

Trust: 2.0

db: SECUNIA, id: 40117

Trust: 1.8

db: VUPEN, id: ADV-2010-1420

Trust: 1.7

db: OSVDB, id: 65289

Trust: 1.7

db: JVNDB, id: JVNDB-2010-004877

Trust: 0.8

db: CNNVD, id: CNNVD-201006-249

Trust: 0.7

db: XF, id: 59284

Trust: 0.6

db: BUGTRAQ, id: 20100610 PR09-17: JUNIPER SECURE ACCESS SERIERS (JUNIPER IVE) AUTHENTICATED XSS & REDIRECTION

Trust: 0.6

db: VULHUB, id: VHN-44894

Trust: 0.1

db: PACKETSTORM, id: 90488

Trust: 0.1

sources: VULHUB: VHN-44894 // BID: 40729 // JVNDB: JVNDB-2010-004877 // PACKETSTORM: 90488 // CNNVD: CNNVD-201006-249 // NVD: CVE-2010-2289

REFERENCES

url: http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-17

Trust: 2.1

url: http://www.securityfocus.com/bid/40729

Trust: 1.7

url: http://osvdb.org/65289

Trust: 1.7

url: http://secunia.com/advisories/40117

Trust: 1.7

url: http://www.vupen.com/english/advisories/2010/1420

Trust: 1.7

url: http://www.juniper.net/alerts/viewalert.jsp?actionbtn=search&txtalertnumber=psn-2010-05-751&viewmode=view

Trust: 1.7

url: http://www.securityfocus.com/archive/1/511775/100/0/threaded

Trust: 1.1

url: https://exchange.xforce.ibmcloud.com/vulnerabilities/59284

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2289

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2289

Trust: 0.8

url: http://xforce.iss.net/xforce/xfdb/59284

Trust: 0.6

url: http://www.securityfocus.com/archive/1/archive/1/511775/100/0/threaded

Trust: 0.6

url: http://www.juniper.net/customers/support/products/iveos.jsp

Trust: 0.3

url: http://www.juniper.net/alerts/viewalert.jsp?actionbtn=search&txtalertnumber=psn-2010-05-751&viewmode=view

Trust: 0.1

url: http://secunia.com/advisories/40117/#comments

Trust: 0.1

url: http://secunia.com/products/corporate/evm/

Trust: 0.1

url: http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url: http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url: http://secunia.com/advisories/40117/

Trust: 0.1

url: http://secunia.com/vulnerability_scanning/corporate/webinars/

Trust: 0.1

url: http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url: https://ca.secunia.com/?page=viewadvisory&vuln_id=40117

Trust: 0.1

url: http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url: http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-44894 // BID: 40729 // JVNDB: JVNDB-2010-004877 // PACKETSTORM: 90488 // CNNVD: CNNVD-201006-249 // NVD: CVE-2010-2289

CREDITS

Richard Brain, ProCheckUp Ltd

Trust: 0.3

sources: BID: 40729

SOURCES

db: VULHUB, id: VHN-44894
db: BID, id: 40729
db: JVNDB, id: JVNDB-2010-004877
db: PACKETSTORM, id: 90488
db: CNNVD, id: CNNVD-201006-249
db: NVD, id: CVE-2010-2289

LAST UPDATE DATE

2025-04-11T23:05:58.119000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-44894, date: 2018-10-10T00:00:00
db: BID, id: 40729, date: 2015-04-13T21:02:00
db: JVNDB, id: JVNDB-2010-004877, date: 2012-09-25T00:00:00
db: CNNVD, id: CNNVD-201006-249, date: 2010-06-18T00:00:00
db: NVD, id: CVE-2010-2289, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: VULHUB, id: VHN-44894, date: 2010-06-15T00:00:00
db: BID, id: 40729, date: 2010-06-09T00:00:00
db: JVNDB, id: JVNDB-2010-004877, date: 2012-09-25T00:00:00
db: PACKETSTORM, id: 90488, date: 2010-06-11T13:54:17
db: CNNVD, id: CNNVD-201006-249, date: 2010-06-18T00:00:00
db: NVD, id: CVE-2010-2289, date: 2010-06-15T14:04:26.640