Vigil@nce - Juniper NSM: information disclosure via TRACE
August 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can use the HTTP TRACE method, in order to obtain
information sent to the NSM web server.
Severity: 1/4
Creation date: 12/08/2010
DESCRIPTION OF THE VULNERABILITY
A web server usually supports several HTTP methods:
– GET: direct document downloading
– POST: document downloading, with parameters sent in the query
body
– TRACE: echo back of information sent
– etc.
The TRACE method is usually disabled, because an attacker can use
it to obtain sensitive information. However, it is enabled by
default on NSM.
An attacker can therefore use the HTTP TRACE method, in order to
obtain information sent to the NSM web server.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Juniper-NSM-information-disclosure-via-TRACE-9845