Vigil@nce - Juniper J-WEB: access to debug.php
February 2011 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can use the debug.php script of Juniper J-WEB, in
order to obtain sensitive information.
Severity: 1/4
Creation date: 10/02/2011
IMPACTED PRODUCTS
– Juniper J-Series
– Juniper JUNOS
DESCRIPTION OF THE VULNERABILITY
Developers of Juniper J-WEB use the debug.php script, in order to
debug the system.
However, this script was not removed from the final version of the
product. This script is thus included in several JUNOS branches.
An attacker can therefore use the debug.php script of Juniper
J-WEB, in order to obtain sensitive information.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Juniper-J-WEB-access-to-debug-php-10361