Vulnerability Description
Cross-site scripting (XSS) vulnerability in the J-Web interface in Juniper JUNOS 8.5R1.14 and 9.0R1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Juniper | Junos | 8.5 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/36829 (Vendor Advisory)
- http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-08 (Exploit)
- http://www.securityfocus.com/bid/36537 (Exploit)
- http://www.vupen.com/english/advisories/2009/2784 (Vendor Advisory)
FAQ
What is CVE-2009-3485?
CVE-2009-3485 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in the J-Web interface in Juniper JUNOS 8.5R1.14 and 9.0R1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default UR...
How severe is CVE-2009-3485?
CVE-2009-3485 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2009-3485?
Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos.