Sign-up

ID

VAR-200711-0099


CVE

CVE-2007-5979


TITLE

F5 FirePass 4100 SSL VPN Download_Plugin.PHP3 Cross-Site Scripting Vulnerability

Trust: 0.9

sources: BID: 26412 // CNNVD: CNNVD-200711-208

DESCRIPTION

Cross-site scripting (XSS) vulnerability in download_plugin.php3 in F5 Firepass 4100 SSL VPN 5.4 through 5.5.2 and 6.0 through 6.0.1 allows remote attackers to inject arbitrary web script or HTML via the backurl parameter. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker to steal cookie-based authentication credentials and to launch other attacks. F5 FirePass 4100 SSL VPNs running these firmware versions are vulnerable: 5.4 through 5.5.2 6.0 6.0.1. ---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. Input passed to the "backurl" parameter in download_plugin.php3 isn't properly sanitised before being returned to the user. The vulnerability reportedly affects versions 5.4 to 5.5.2 and 6.0 to 6.0.1. SOLUTION: The vendor has issued a solution at: https://support.f5.com/kb/en-us/solutions/public/7000/400/sol7498.html PROVIDED AND/OR DISCOVERED BY: Jan Fry and Adrian Pastor, Procheckup Ltd ORIGINAL ADVISORY: F5: https://support.f5.com/kb/en-us/solutions/public/7000/400/sol7498.html Procheckup Ltd: http://www.procheckup.com/Vulnerability_PR07-13.php ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2007-5979 // JVNDB: JVNDB-2007-002890 // BID: 26412 // VULHUB: VHN-29341 // PACKETSTORM: 60924

AFFECTED PRODUCTS

vendor:f5model:firepass 4100scope:eqversion:5.4.9

Trust: 1.6

vendor:f5model:firepass 4100scope:eqversion:5.4.2

Trust: 1.6

vendor:f5model:firepass 4100scope:eqversion:5.4.7

Trust: 1.6

vendor:f5model:firepass 4100scope:eqversion:5.4.8

Trust: 1.6

vendor:f5model:firepass 4100scope:eqversion:5.4.5

Trust: 1.6

vendor:f5model:firepass 4100scope:eqversion:5.4.1

Trust: 1.6

vendor:f5model:firepass 4100scope:eqversion:5.4.3

Trust: 1.6

vendor:f5model:firepass 4100scope:eqversion:5.4.4

Trust: 1.6

vendor:f5model:firepass 4100scope:eqversion:5.4.6

Trust: 1.6

vendor:f5model:firepass 4100scope:eqversion:5.4

Trust: 1.6

vendor:f5model:firepass 4100scope:eqversion:6.0.1

Trust: 1.0

vendor:f5model:firepass 4100scope:eqversion:5.5.0

Trust: 1.0

vendor:f5model:firepass 4100scope:eqversion:5.5.1

Trust: 1.0

vendor:f5model:firepass 4100scope:eqversion:6.0

Trust: 1.0

vendor:f5model:firepass 4100scope:eqversion:ssl vpn 5.4 to 5.5.2

Trust: 0.8

vendor:f5model:firepass 4100scope:eqversion:6.0 to 6.0.1

Trust: 0.8

vendor:f5model:firepassscope:eqversion:41005.4.2

Trust: 0.3

vendor:f5model:firepassscope:eqversion:41000

Trust: 0.3

vendor:f5model:firepassscope:eqversion:6.0.1

Trust: 0.3

vendor:f5model:firepassscope:eqversion:5.5.2

Trust: 0.3

vendor:f5model:firepassscope:eqversion:6.0

Trust: 0.3

vendor:f5model:firepassscope:eqversion:5.4

Trust: 0.3

vendor:f5model:firepassscope: - version: -

Trust: 0.3

sources: BID: 26412 // JVNDB: JVNDB-2007-002890 // CNNVD: CNNVD-200711-208 // NVD: CVE-2007-5979

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-5979
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-5979
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200711-208
value: MEDIUM

Trust: 0.6

VULHUB: VHN-29341
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2007-5979
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-29341
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-29341 // JVNDB: JVNDB-2007-002890 // CNNVD: CNNVD-200711-208 // NVD: CVE-2007-5979

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-29341 // JVNDB: JVNDB-2007-002890 // NVD: CVE-2007-5979

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200711-208

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 60924 // CNNVD: CNNVD-200711-208

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2007-002890

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-29341

PATCH
title:Top Pageurl:http://www.f5.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2007-002890

EXTERNAL IDS
db:NVDid:CVE-2007-5979
Trust: 2.8
db:BIDid:26412
Trust: 2.0
db:SECUNIAid:27647
Trust: 1.8
db:VUPENid:ADV-2007-3847
Trust: 1.7
db:SECTRACKid:1018937
Trust: 1.7
db:OSVDBid:38665
Trust: 1.7
db:SREASONid:3364
Trust: 1.7
db:JVNDBid:JVNDB-2007-002890
Trust: 0.8
db:XFid:38439
Trust: 0.6
db:BUGTRAQid:20071112 PR07-13: CROSS-SITE SCRIPTING / HTML INJECTION ON F5 FIREPASS 4100 SSL VPN 'DOWNLOAD_PLUGIN.PHP3' SERVER-SIDE SCRIPT
Trust: 0.6
db:CNNVDid:CNNVD-200711-208
Trust: 0.6
db:EXPLOIT-DBid:30755
Trust: 0.1
db:SEEBUGid:SSVID-84122
Trust: 0.1
db:VULHUBid:VHN-29341
Trust: 0.1
db:PACKETSTORMid:60924
Trust: 0.1
sources:
            
            
            VULHUB: VHN-29341 // 
            
            
            
            BID: 26412 // 
            
            
            
            JVNDB: JVNDB-2007-002890 // 
            
            
            
            PACKETSTORM: 60924 // 
            
            
            
            CNNVD: CNNVD-200711-208 // 
            
            
            
            NVD: CVE-2007-5979

REFERENCES
url:https://support.f5.com/kb/en-us/solutions/public/7000/400/sol7498.html
Trust: 2.1
url:http://www.procheckup.com/vulnerability_pr07-13.php
Trust: 2.1
url:http://www.securityfocus.com/bid/26412
Trust: 1.7
url:http://osvdb.org/38665
Trust: 1.7
url:http://www.securitytracker.com/id?1018937
Trust: 1.7
url:http://secunia.com/advisories/27647
Trust: 1.7
url:http://securityreason.com/securityalert/3364
Trust: 1.7
url:http://www.securityfocus.com/archive/1/483601/100/0/threaded
Trust: 1.1
url:http://www.vupen.com/english/advisories/2007/3847
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/38439
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5979
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5979
Trust: 0.8
url:http://www.securityfocus.com/archive/1/archive/1/483601/100/0/threaded
Trust: 0.6
url:http://xforce.iss.net/xforce/xfdb/38439
Trust: 0.6
url:http://www.frsirt.com/english/advisories/2007/3847
Trust: 0.6
url:http://f5.com/products/firepass/
Trust: 0.3
url:/archive/1/483601
Trust: 0.3
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/product/4695/
Trust: 0.1
url:http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/product/13146/
Trust: 0.1
url:http://secunia.com/advisories/27647/
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-29341 // 
            
            
            
            BID: 26412 // 
            
            
            
            JVNDB: JVNDB-2007-002890 // 
            
            
            
            PACKETSTORM: 60924 // 
            
            
            
            CNNVD: CNNVD-200711-208 // 
            
            
            
            NVD: CVE-2007-5979

CREDITS
Jan Fry
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200711-208

SOURCES
db:VULHUBid:VHN-29341
db:BIDid:26412
db:JVNDBid:JVNDB-2007-002890
db:PACKETSTORMid:60924
db:CNNVDid:CNNVD-200711-208
db:NVDid:CVE-2007-5979

LAST UPDATE DATE
2024-11-23T22:57:11.950000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-29341date:2018-10-15T00:00:00
db:BIDid:26412date:2007-11-22T22:44:00
db:JVNDBid:JVNDB-2007-002890date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200711-208date:2007-11-15T00:00:00
db:NVDid:CVE-2007-5979date:2024-11-21T00:39:05.637

SOURCES RELEASE DATE
db:VULHUBid:VHN-29341date:2007-11-15T00:00:00
db:BIDid:26412date:2007-11-12T00:00:00
db:JVNDBid:JVNDB-2007-002890date:2012-06-26T00:00:00
db:PACKETSTORMid:60924date:2007-11-15T02:10:34
db:CNNVDid:CNNVD-200711-208date:2007-11-14T00:00:00
db:NVDid:CVE-2007-5979date:2007-11-15T00:46:00