Details of VAR-200607-0435

ID

VAR-200607-0435

CVE

CVE-2006-3550

TITLE

F5 Firepass 4100 SSL VPN Multiple Unknown Cross-Site Scripting Vulnerabilities

Trust: 0.6

sources: CNNVD: CNNVD-200607-172

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in F5 Networks FirePass 4100 5.x allow remote attackers to inject arbitrary web script or HTML via unspecified "writable form fields and hidden fields," including "authentication frontends.". F5 Firepass 4100 SSL VPN is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks

Trust: 1.26

sources: NVD: CVE-2006-3550 // BID: 18799 // VULHUB: VHN-19658

AFFECTED PRODUCTS

vendor:	f5	model:	firepass 4100	scope:	eq	version:	5.4.2	Trust: 1.6
vendor:	f5	model:	firepass	scope:	eq	version:	41005.4.2	Trust: 0.3

sources: BID: 18799 // CNNVD: CNNVD-200607-172 // NVD: CVE-2006-3550

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-3550
value:	LOW
Trust: 1.0
CNNVD:	CNNVD-200607-172
value:	LOW
Trust: 0.6
VULHUB:	VHN-19658
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2006-3550
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-19658
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-19658 // CNNVD: CNNVD-200607-172 // NVD: CVE-2006-3550

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-3550

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200607-172

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-200607-172

EXTERNAL IDS

db:	BID	id:	18799	Trust: 2.0
db:	SECTRACK	id:	1016431	Trust: 1.7
db:	NVD	id:	CVE-2006-3550	Trust: 1.7
db:	SREASON	id:	1237	Trust: 1.7
db:	VUPEN	id:	ADV-2006-2678	Trust: 1.7
db:	CNNVD	id:	CNNVD-200607-172	Trust: 0.7
db:	XF	id:	27547	Trust: 0.6
db:	FULLDISC	id:	20060704 [SCIP_ADVISORY 2352] F5 FIREPASS 4100 PRIOR 6.X MULTIPLE CROSS SITE SCRIPTING	Trust: 0.6
db:	BUGTRAQ	id:	20060704 [SCIP_ADVISORY 2352] F5 FIREPASS 4100 PRIOR 6.X MULTIPLE CROSS SITE SCRIPTING	Trust: 0.6
db:	VULHUB	id:	VHN-19658	Trust: 0.1

sources: VULHUB: VHN-19658 // BID: 18799 // CNNVD: CNNVD-200607-172 // NVD: CVE-2006-3550

REFERENCES

url:	http://www.securityfocus.com/bid/18799	Trust: 1.7
url:	http://lists.grok.org.uk/pipermail/full-disclosure/2006-july/047635.html	Trust: 1.7
url:	http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2352	Trust: 1.7
url:	http://securitytracker.com/id?1016431	Trust: 1.7
url:	http://securityreason.com/securityalert/1237	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/439033/100/0/threaded	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2006/2678	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/27547	Trust: 1.1
url:	http://www.frsirt.com/english/advisories/2006/2678	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/439033/100/0/threaded	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/27547	Trust: 0.6
url:	http://www.f5.com/products/firepass/	Trust: 0.3

sources: VULHUB: VHN-19658 // BID: 18799 // CNNVD: CNNVD-200607-172 // NVD: CVE-2006-3550

CREDITS

Marc Ruef is credited with the discovery of these vulnerabilities.

Trust: 0.9

sources: BID: 18799 // CNNVD: CNNVD-200607-172

SOURCES

db:	VULHUB	id:	VHN-19658
db:	BID	id:	18799
db:	CNNVD	id:	CNNVD-200607-172
db:	NVD	id:	CVE-2006-3550

LAST UPDATE DATE

2024-08-14T15:20:02.312000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-19658	date:	2018-10-18T00:00:00
db:	BID	id:	18799	date:	2006-07-05T16:49:00
db:	CNNVD	id:	CNNVD-200607-172	date:	2006-07-19T00:00:00
db:	NVD	id:	CVE-2006-3550	date:	2018-10-18T16:47:55.893

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-19658	date:	2006-07-13T00:00:00
db:	BID	id:	18799	date:	2006-07-04T00:00:00
db:	CNNVD	id:	CNNVD-200607-172	date:	2006-07-12T00:00:00
db:	NVD	id:	CVE-2006-3550	date:	2006-07-13T00:05:00