ID

VAR-199911-0072


CVE

CVE-1999-1550


TITLE

F5 Software BigIP of bigconf.cgi Script leaking file content vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-199911-027

DESCRIPTION

bigconf.conf in F5 BIG/ip 2.1.2 and earlier allows remote attackers to read arbitrary files by specifying the target file in the "file" parameter. BigIP is a load balancing system from F5 software. It has a web-based configuration system, which is vulnerable to several standard CGI attacks. According to Guy Cohen <guy@crypto.org.il>, it is possible to view arbitrary files on the BSDI system which it is installed on. To add to this, the configuration program is installed setuid root. This is considered a local vulnerability since htaccess authentication is required to get to the configuration area. No more information on this vulnerability is available. It has a web management interface and configures the program through some CGI scripts. There is an input validation vulnerability in the \"bigconf.cgi\" script in the software package, allowing remote attackers to view arbitrary system files with the authority of the Web Server process. The bug finder did not provide further clarification

Trust: 1.26

sources: NVD: CVE-1999-1550 // BID: 778 // VULHUB: VHN-1531

AFFECTED PRODUCTS

vendor:f5model:tmosscope:eqversion:2.0

Trust: 1.6

vendor:f5model:big-ipscope:eqversion:2.0

Trust: 0.9

vendor:f5model:big-ipscope:neversion:2.1

Trust: 0.3

sources: BID: 778 // CNNVD: CNNVD-199911-027 // NVD: CVE-1999-1550

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-1999-1550
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-199911-027
value: MEDIUM

Trust: 0.6

VULHUB: VHN-1531
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-1999-1550
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-1531
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-1531 // CNNVD: CNNVD-199911-027 // NVD: CVE-1999-1550

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-1999-1550

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-199911-027

TYPE

Unknown

Trust: 0.9

sources: BID: 778 // CNNVD: CNNVD-199911-027

EXTERNAL IDS

db:BIDid:778

Trust: 2.0

db:NVDid:CVE-1999-1550

Trust: 1.7

db:CNNVDid:CNNVD-199911-027

Trust: 0.7

db:XFid:7771

Trust: 0.6

db:BUGTRAQid:19991109 RE: BIGIP - BIGCONF.CGI HOLES

Trust: 0.6

db:BUGTRAQid:19991109

Trust: 0.6

db:BUGTRAQid:19991108 BIGIP - BIGCONF.CGI HOLES

Trust: 0.6

db:NSFOCUSid:3206

Trust: 0.6

db:VULHUBid:VHN-1531

Trust: 0.1

sources: VULHUB: VHN-1531 // BID: 778 // CNNVD: CNNVD-199911-027 // NVD: CVE-1999-1550

REFERENCES

url:http://www.securityfocus.com/bid/778

Trust: 2.7

url:http://www.iss.net/security_center/static/7771.php

Trust: 2.7

url:http://marc.info/?l=bugtraq&m=94217006208374&w=2

Trust: 2.1

url:http://marc.info/?l=bugtraq&m=94225879703021&w=2

Trust: 2.1

url:http://marc.info/?l=bugtraq&m=94217879020184&w=2

Trust: 2.1

url:http://marc.theaimsgroup.com/?l=bugtraq&m=94225879703021&w=2

Trust: 0.6

url:http://marc.theaimsgroup.com/?l=bugtraq&m=94217879020184&w=2

Trust: 0.6

url:http://marc.theaimsgroup.com/?l=bugtraq&m=94217006208374&w=2

Trust: 0.6

url:http://www.nsfocus.net/vulndb/3206

Trust: 0.6

url:http://www.f5.com/f5products/bigip/

Trust: 0.3

sources: VULHUB: VHN-1531 // BID: 778 // CNNVD: CNNVD-199911-027 // NVD: CVE-1999-1550

CREDITS

Guy Cohen※ guy@crypto.org.il

Trust: 0.6

sources: CNNVD: CNNVD-199911-027

SOURCES

db:VULHUBid:VHN-1531
db:BIDid:778
db:CNNVDid:CNNVD-199911-027
db:NVDid:CVE-1999-1550

LAST UPDATE DATE

2024-11-22T23:05:58.900000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-1531date:2018-10-30T00:00:00
db:BIDid:778date:1999-11-08T00:00:00
db:CNNVDid:CNNVD-199911-027date:2005-10-12T00:00:00
db:NVDid:CVE-1999-1550date:2024-11-20T23:31:23.070

SOURCES RELEASE DATE

db:VULHUBid:VHN-1531date:1999-11-08T00:00:00
db:BIDid:778date:1999-11-08T00:00:00
db:CNNVDid:CNNVD-199911-027date:1999-11-08T00:00:00
db:NVDid:CVE-1999-1550date:1999-11-08T05:00:00