ID

VAR-200701-0555


CVE

CVE-2007-0186


TITLE

F5 FirePass SSL VPN vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2007-001369

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN allow remote attackers to inject arbitrary web script or HTML via (1) the xcho parameter to my.logon.php3; the (2) topblue, (3) midblue, (4) wtopblue, and certain other Custom color parameters in a per action to vdesk/admincon/index.php; the (5) h321, (6) h311, (7) h312, and certain other Front Door custom text color parameters in a per action to vdesk/admincon/index.php; the (8) ua parameter in a bro action to vdesk/admincon/index.php; the (9) app_param and (10) app_name parameters to webyfiers.php; (11) double eval functions; (12) JavaScript contained in an <FP_DO_NOT_TOUCH> element; and (13) the vhost parameter to my.activation.php. NOTE: it is possible that this candidate overlaps CVE-2006-3550.

F5 FirePass SSL VPN contains a cross-site scripting vulnerability. This vulnerability may overlap CVE-2006-3550. A third party may be able to insert web script or HTML via: (1) the xcho parameter to my.logon.php; (2) the topblue Custom color parameter in a per action to vdesk/admincon/index.php; (3) the midblue Custom color parameter in a per action to vdesk/admincon/index.php; (4) the wtopblue Custom color parameter in a per action to vdesk/admincon/index.php, etc.; (5) the h321 Front Door custom text color parameter in a per action to vdesk/admincon/index.php; (6) the h311 Front Door custom text color parameter in a per action to vdesk/admincon/index.php; (7) the h312 Front Door custom text color parameter in a per action to vdesk/admincon/index.php, etc.

F5 FirePass is prone to multiple input-validation vulnerabilities because the device fails to sufficiently sanitize user-supplied input. These issues include information-disclosure, security bypass, and cross-site scripting vulnerabilities. An attacker can exploit these issues to bypass security restrictions, to view sensitive information, and to steal cookie-based authentication credentials. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

Trust: 1.98

sources: NVD: CVE-2007-0186 // JVNDB: JVNDB-2007-001369 // BID: 21957 // VULHUB: VHN-23548

AFFECTED PRODUCTS

vendor: f5, model: firepass 4100, scope: -, version: -

Trust: 1.4

vendor: f5, model: firepass 4100, scope: eq, version: *

Trust: 1.0

vendor: ubuntu, model: linux sparc, scope: eq, version: 6.10

Trust: 0.3

vendor: ubuntu, model: linux powerpc, scope: eq, version: 6.10

Trust: 0.3

vendor: ubuntu, model: linux i386, scope: eq, version: 6.10

Trust: 0.3

vendor: ubuntu, model: linux amd64, scope: eq, version: 6.10

Trust: 0.3

vendor: ubuntu, model: linux lts sparc, scope: eq, version: 6.06

Trust: 0.3

vendor: ubuntu, model: linux lts powerpc, scope: eq, version: 6.06

Trust: 0.3

vendor: ubuntu, model: linux lts i386, scope: eq, version: 6.06

Trust: 0.3

vendor: ubuntu, model: linux lts amd64, scope: eq, version: 6.06

Trust: 0.3

vendor: f5, model: firepass, scope: -, version: -

Trust: 0.3

sources: BID: 21957 // JVNDB: JVNDB-2007-001369 // CNNVD: CNNVD-200701-179 // NVD: CVE-2007-0186

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-0186
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-0186
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200701-179
value: MEDIUM

Trust: 0.6

VULHUB: VHN-23548
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2007-0186
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-23548
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-23548 // JVNDB: JVNDB-2007-001369 // CNNVD: CNNVD-200701-179 // NVD: CVE-2007-0186

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-0186

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200701-179

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-200701-179

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-001369

PATCH

title: Top Page, url: http://www.f5.com/products/firepass/

Trust: 0.8

sources: JVNDB: JVNDB-2007-001369

EXTERNAL IDS

db: NVD, id: CVE-2007-0186

Trust: 2.5

db: BID, id: 21957

Trust: 2.0

db: SECUNIA, id: 23643

Trust: 1.7

db: SECUNIA, id: 23627

Trust: 1.7

db: OSVDB, id: 32741

Trust: 1.7

db: OSVDB, id: 32742

Trust: 1.7

db: OSVDB, id: 32738

Trust: 1.7

db: OSVDB, id: 32739

Trust: 1.7

db: OSVDB, id: 32740

Trust: 1.7

db: OSVDB, id: 32737

Trust: 1.7

db: OSVDB, id: 32743

Trust: 1.7

db: JVNDB, id: JVNDB-2007-001369

Trust: 0.8

db: CNNVD, id: CNNVD-200701-179

Trust: 0.7

db: FULLDISC, id: 20070106 NNL-LABS & MNIN - F5 FIREPASS SECURITY ADVISORY

Trust: 0.6

db: VULHUB, id: VHN-23548

Trust: 0.1

sources: VULHUB: VHN-23548 // BID: 21957 // JVNDB: JVNDB-2007-001369 // CNNVD: CNNVD-200701-179 // NVD: CVE-2007-0186

REFERENCES

url:http://www.mnin.org/advisories/2007_firepass.pdf

Trust: 2.0

url:http://www.securityfocus.com/bid/21957

Trust: 1.7

url:https://tech.f5.com/home/solutions/sol6919.html

Trust: 1.7

url:https://tech.f5.com/home/solutions/sol6920.html

Trust: 1.7

url:http://lists.grok.org.uk/pipermail/full-disclosure/2007-january/051651.html

Trust: 1.7

url:http://www.osvdb.org/32737

Trust: 1.7

url:http://www.osvdb.org/32738

Trust: 1.7

url:http://www.osvdb.org/32739

Trust: 1.7

url:http://www.osvdb.org/32740

Trust: 1.7

url:http://www.osvdb.org/32741

Trust: 1.7

url:http://www.osvdb.org/32742

Trust: 1.7

url:http://www.osvdb.org/32743

Trust: 1.7

url:http://secunia.com/advisories/23627

Trust: 1.7

url:http://secunia.com/advisories/23643

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0186

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0186

Trust: 0.8

url:https://tech.f5.com/home/solutions/sol7005.html

Trust: 0.3

url:http://f5.com/products/firepass/

Trust: 0.3

sources: VULHUB: VHN-23548 // BID: 21957 // JVNDB: JVNDB-2007-001369 // CNNVD: CNNVD-200701-179 // NVD: CVE-2007-0186

CREDITS

Michael Ligh from mnin.org and Greg Sinclair from NNL-Labs are credited with the discovery of these vulnerabilities.

Trust: 0.9

sources: BID: 21957 // CNNVD: CNNVD-200701-179

SOURCES

db: VULHUB, id: VHN-23548
db: BID, id: 21957
db: JVNDB, id: JVNDB-2007-001369
db: CNNVD, id: CNNVD-200701-179
db: NVD, id: CVE-2007-0186

LAST UPDATE DATE

2024-11-23T22:04:02.247000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-23548, date: 2008-09-05T00:00:00
db: BID, id: 21957, date: 2007-01-25T16:28:00
db: JVNDB, id: JVNDB-2007-001369, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200701-179, date: 2007-08-07T00:00:00
db: NVD, id: CVE-2007-0186, date: 2024-11-21T00:25:12.017

SOURCES RELEASE DATE

db: VULHUB, id: VHN-23548, date: 2007-01-12T00:00:00
db: BID, id: 21957, date: 2007-01-09T00:00:00
db: JVNDB, id: JVNDB-2007-001369, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200701-179, date: 2007-01-12T00:00:00
db: NVD, id: CVE-2007-0186, date: 2007-01-12T05:04:00