ID

VAR-199911-0072


CVE

CVE-1999-1550


TITLE

F5 Software BigIP bigconf.cgi Script File Content Disclosure Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-199911-027

DESCRIPTION

bigconf.conf in F5 BIG/ip 2.1.2 and earlier allows remote attackers to read arbitrary files by specifying the target file in the "file" parameter. BigIP is a load balancing system from F5 software. It has a web-based configuration system, which is vulnerable to several standard CGI attacks. According to Guy Cohen <guy@crypto.org.il>, it is possible to view arbitrary files on the BSDI system which it is installed on. To add to this, the configuration program is installed setuid root. This is considered a local vulnerability since htaccess authentication is required to get to the configuration area. No more information on this vulnerability is available. It has a web management interface and configures the program through some CGI scripts. There is an input validation vulnerability in the "bigconf.cgi" script in the software package, allowing remote attackers to view arbitrary system files with the authority of the Web Server process. The bug finder did not provide further clarification.

Trust: 1.26

sources: NVD: CVE-1999-1550 // BID: 778 // VULHUB: VHN-1531

AFFECTED PRODUCTS

vendor:f5 model:tmos scope:eq version:2.0

Trust: 1.6

vendor:f5 model:big-ip scope:eq version:2.0

Trust: 0.9

vendor:f5 model:big-ip scope:ne version:2.1

Trust: 0.3

sources: BID: 778 // CNNVD: CNNVD-199911-027 // NVD: CVE-1999-1550

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-1999-1550
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-199911-027
value: MEDIUM

Trust: 0.6

VULHUB: VHN-1531
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-1999-1550
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-1531
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-1531 // CNNVD: CNNVD-199911-027 // NVD: CVE-1999-1550

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-1999-1550

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-199911-027

TYPE

Unknown

Trust: 0.9

sources: BID: 778 // CNNVD: CNNVD-199911-027

EXTERNAL IDS

db:BID id:778

Trust: 2.0

db:NVD id:CVE-1999-1550

Trust: 1.7

db:CNNVD id:CNNVD-199911-027

Trust: 0.7

db:XF id:7771

Trust: 0.6

db:BUGTRAQ id:19991109 RE: BIGIP - BIGCONF.CGI HOLES

Trust: 0.6

db:BUGTRAQ id:19991109

Trust: 0.6

db:BUGTRAQ id:19991108 BIGIP - BIGCONF.CGI HOLES

Trust: 0.6

db:NSFOCUS id:3206

Trust: 0.6

db:VULHUB id:VHN-1531

Trust: 0.1

sources: VULHUB: VHN-1531 // BID: 778 // CNNVD: CNNVD-199911-027 // NVD: CVE-1999-1550

REFERENCES

url:http://www.securityfocus.com/bid/778

Trust: 1.7

url:http://www.iss.net/security_center/static/7771.php

Trust: 1.7

url:http://marc.info/?l=bugtraq&m=94217006208374&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=94225879703021&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=94217879020184&w=2

Trust: 1.1

url:http://marc.theaimsgroup.com/?l=bugtraq&m=94225879703021&w=2

Trust: 0.6

url:http://marc.theaimsgroup.com/?l=bugtraq&m=94217879020184&w=2

Trust: 0.6

url:http://marc.theaimsgroup.com/?l=bugtraq&m=94217006208374&w=2

Trust: 0.6

url:http://www.nsfocus.net/vulndb/3206

Trust: 0.6

url:http://www.f5.com/f5products/bigip/

Trust: 0.3

sources: VULHUB: VHN-1531 // BID: 778 // CNNVD: CNNVD-199911-027 // NVD: CVE-1999-1550

CREDITS

Guy Cohen <guy@crypto.org.il>

Trust: 0.6

sources: CNNVD: CNNVD-199911-027

SOURCES

db:VULHUB id:VHN-1531
db:BID id:778
db:CNNVD id:CNNVD-199911-027
db:NVD id:CVE-1999-1550

LAST UPDATE DATE

2024-08-14T15:25:53.030000+00:00


SOURCES UPDATE DATE

db:VULHUB id:VHN-1531 date:2018-10-30T00:00:00
db:BID id:778 date:1999-11-08T00:00:00
db:CNNVD id:CNNVD-199911-027 date:2005-10-12T00:00:00
db:NVD id:CVE-1999-1550 date:2018-10-30T16:25:33.730

SOURCES RELEASE DATE

db:VULHUB id:VHN-1531 date:1999-11-08T00:00:00
db:BID id:778 date:1999-11-08T00:00:00
db:CNNVD id:CNNVD-199911-027 date:1999-11-08T00:00:00
db:NVD id:CVE-1999-1550 date:1999-11-08T05:00:00