Details of VAR-201109-0001

ID

VAR-201109-0001

CVE

CVE-2009-5086

TITLE

Juniper Networks IDP ACM vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2011-000071

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Appliance Configuration Manager (ACM) in Juniper IDP 4.1 before 4.1r3 and 4.2 before 4.2r1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Juniper Networks IDP ACM provides a web interface for changing configurations in the IDP. The ACM contains a cross-site scripting vulnerability. Taketo Ikeuchi of Hitachi Solutions, Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary script may be executed on the user's web browser. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. The following products are affected: Juniper IDP 4.1 versions prior to 4.1r3 Juniper IDP 4.2 versions prior to 4.2r1

Trust: 1.98

sources: NVD: CVE-2009-5086 // JVNDB: JVNDB-2011-000071 // BID: 49498 // VULHUB: VHN-42532

AFFECTED PRODUCTS

vendor:	juniper	model:	idp	scope:	eq	version:	4.2	Trust: 1.9
vendor:	juniper	model:	idp	scope:	eq	version:	4.1	Trust: 1.9
vendor:	juniper	model:	idp	scope:	eq	version:	4.1r2	Trust: 1.6
vendor:	juniper	model:	idp	scope:	eq	version:	4.1r1	Trust: 1.6
vendor:	juniper	model:	networks idp	scope:	eq	version:	prior to 4.1r3	Trust: 0.8
vendor:	juniper	model:	networks idp	scope:	eq	version:	prior to 4.2r1	Trust: 0.8
vendor:	juniper	model:	idp 4.1r2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	idp 4.2r1	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	idp 4.1r3	scope:	ne	version:	-	Trust: 0.3

sources: BID: 49498 // JVNDB: JVNDB-2011-000071 // CNNVD: CNNVD-201109-003 // NVD: CVE-2009-5086

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2009-5086
value:	MEDIUM
Trust: 1.0
IPA:	JVNDB-2011-000071
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201109-003
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-42532
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2009-5086
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
IPA:	JVNDB-2011-000071
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-42532
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-42532 // JVNDB: JVNDB-2011-000071 // CNNVD: CNNVD-201109-003 // NVD: CVE-2009-5086

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-42532 // JVNDB: JVNDB-2011-000071 // NVD: CVE-2009-5086

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201109-003

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201109-003

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-000071

PATCH

title:

Juniper Security Advisory: Cross-Site Scripting (XSS) Vulnerability in IDP ACM - PSN-2009-01-191 (Registered Users Only)

url:

http://www.juniper.net/customers/support/

Trust: 0.8

sources: JVNDB: JVNDB-2011-000071

EXTERNAL IDS

db:	NVD	id:	CVE-2009-5086	Trust: 2.8
db:	JVNDB	id:	JVNDB-2011-000071	Trust: 1.9
db:	JVN	id:	JVN44642341	Trust: 1.9
db:	CNNVD	id:	CNNVD-201109-003	Trust: 0.7
db:	BID	id:	49498	Trust: 0.4
db:	VULHUB	id:	VHN-42532	Trust: 0.1

sources: VULHUB: VHN-42532 // BID: 49498 // JVNDB: JVNDB-2011-000071 // CNNVD: CNNVD-201109-003 // NVD: CVE-2009-5086

REFERENCES

url:	http://jvn.jp/en/jp/jvn44642341/index.html	Trust: 1.9
url:	http://s-tools1.juniper.net/alerts/viewalert.jsp?actionbtn=search&txtalertnumber=psn-2009-01-191&viewmode=view	Trust: 1.6
url:	http://jvndb.jvn.jp/ja/contents/2011/jvndb-2011-000071.html	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-5086	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-5086	Trust: 0.8
url:	http://www.juniper.net/	Trust: 0.3
url:	http://s-tools1.juniper.net/alerts/viewalert.jsp?actionbtn=search&txtalertnumber=psn-2009-01-191&vie	Trust: 0.3
url:	http://s-tools1.juniper.net/alerts/viewalert.jsp?actionbtn=search&txtalertnumber=psn-2009-01-191&viewmode=view	Trust: 0.1

sources: VULHUB: VHN-42532 // BID: 49498 // JVNDB: JVNDB-2011-000071 // CNNVD: CNNVD-201109-003 // NVD: CVE-2009-5086

CREDITS

Davy Douhine

Trust: 0.3

sources: BID: 49498

SOURCES

db:	VULHUB	id:	VHN-42532
db:	BID	id:	49498
db:	JVNDB	id:	JVNDB-2011-000071
db:	CNNVD	id:	CNNVD-201109-003
db:	NVD	id:	CVE-2009-5086

LAST UPDATE DATE

2025-04-11T23:13:00.449000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-42532	date:	2011-10-26T00:00:00
db:	BID	id:	49498	date:	2011-05-09T00:00:00
db:	JVNDB	id:	JVNDB-2011-000071	date:	2011-09-02T00:00:00
db:	CNNVD	id:	CNNVD-201109-003	date:	2011-09-05T00:00:00
db:	NVD	id:	CVE-2009-5086	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-42532	date:	2011-09-02T00:00:00
db:	BID	id:	49498	date:	2011-05-09T00:00:00
db:	JVNDB	id:	JVNDB-2011-000071	date:	2011-09-02T00:00:00
db:	CNNVD	id:	CNNVD-201109-003	date:	2011-09-05T00:00:00
db:	NVD	id:	CVE-2009-5086	date:	2011-09-02T17:55:00.943