Details of VAR-200803-0003

ID

VAR-200803-0003

CVE

CVE-2007-6704

TITLE

F5 FirePass Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2008-002561

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.activation.php3 and (2) my.logon.php3. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker to steal cookie-based authentication credentials and to launch other attacks. F5 Networks FirePass 4100 SSL VPNs running these firmware versions are vulnerable: 5.4.1 through 5.5.2 6.0 6.0.1. ---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. Input passed via the URL to my.activation.php3 and my.logon.php3 is not properly sanitised before being returned to the user. The vulnerabilities are reported in FirePass versions 5.4.1 to 5.5.2 and FirePass versions 6.0 to 6.0.1. SOLUTION: The vendor has issued cumulative hotfix HF-601-6 for version 6.0.1: https://support.f5.com/kb/en-us/solutions/public/7000/900/SOL7923.html Filter malicious characters and character sequences in a web proxy. PROVIDED AND/OR DISCOVERED BY: Adrian Pastor, Jan Fry, and Richard Brain of ProCheckUp Ltd. ORIGINAL ADVISORY: F5: https://support.f5.com/kb/en-us/solutions/public/7000/900/SOL7923.html Procheckup Ltd: http://www.procheckup.com/Vulnerability_PR07-14.php http://www.procheckup.com/Vulnerability_PR07-15.php ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.34

sources: NVD: CVE-2007-6704 // JVNDB: JVNDB-2008-002561 // BID: 26659 // BID: 26661 // VULHUB: VHN-30066 // PACKETSTORM: 61438

AFFECTED PRODUCTS

vendor:	f5	model:	firepass 4100	scope:	eq	version:	5.4.9	Trust: 1.6
vendor:	f5	model:	firepass 4100	scope:	eq	version:	5.4.2	Trust: 1.6
vendor:	f5	model:	firepass 4100	scope:	eq	version:	5.5.0	Trust: 1.6
vendor:	f5	model:	firepass 4100	scope:	eq	version:	5.5.2	Trust: 1.6
vendor:	f5	model:	firepass 4100	scope:	eq	version:	6.0.1	Trust: 1.6
vendor:	f5	model:	firepass 4100	scope:	eq	version:	5.4.8	Trust: 1.6
vendor:	f5	model:	firepass 4100	scope:	eq	version:	6.0	Trust: 1.6
vendor:	f5	model:	firepass 4100	scope:	eq	version:	5.5.1	Trust: 1.6
vendor:	f5	model:	firepass 4100	scope:	eq	version:	5.4.1	Trust: 1.6
vendor:	f5	model:	firepass 4100	scope:	eq	version:	5.4.3	Trust: 1.6
vendor:	f5	model:	firepass 4100	scope:	eq	version:	5.4.4	Trust: 1.0
vendor:	f5	model:	firepass 4100	scope:	eq	version:	5.4.5	Trust: 1.0
vendor:	f5	model:	firepass 4100	scope:	eq	version:	5.4.6	Trust: 1.0
vendor:	f5	model:	firepass 4100	scope:	eq	version:	5.4.7	Trust: 1.0
vendor:	f5	model:	firepass 4100	scope:	eq	version:	5.4.1 to 5.5.2	Trust: 0.8
vendor:	f5	model:	firepass 4100	scope:	eq	version:	and 6.0 to 6.0.1	Trust: 0.8
vendor:	f5	model:	firepass	scope:	eq	version:	41000	Trust: 0.6
vendor:	f5	model:	firepass	scope:	eq	version:	6.0.1	Trust: 0.6
vendor:	f5	model:	firepass	scope:	eq	version:	5.5.2	Trust: 0.6
vendor:	f5	model:	firepass	scope:	eq	version:	6.0	Trust: 0.6
vendor:	f5	model:	firepass	scope:	eq	version:	41005.4.2	Trust: 0.3
vendor:	f5	model:	firepass	scope:	eq	version:	5.4.1	Trust: 0.3
vendor:	f5	model:	firepass	scope:	-	version:	-	Trust: 0.3
vendor:	f5	model:	firepass	scope:	eq	version:	5.4	Trust: 0.3

sources: BID: 26659 // BID: 26661 // JVNDB: JVNDB-2008-002561 // CNNVD: CNNVD-200803-042 // NVD: CVE-2007-6704

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-6704
value:	LOW
Trust: 1.0
NVD:	CVE-2007-6704
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-200803-042
value:	LOW
Trust: 0.6
VULHUB:	VHN-30066
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2007-6704
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-30066
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-30066 // JVNDB: JVNDB-2008-002561 // CNNVD: CNNVD-200803-042 // NVD: CVE-2007-6704

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-30066 // JVNDB: JVNDB-2008-002561 // NVD: CVE-2007-6704

THREAT TYPE

network

Trust: 0.6

sources: BID: 26659 // BID: 26661

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 61438 // CNNVD: CNNVD-200803-042

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-002561

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-30066

PATCH

title:

Top Page

url:

http://www.f5.com/products/firepass/

Trust: 0.8

sources: JVNDB: JVNDB-2008-002561

EXTERNAL IDS

db:	NVD	id:	CVE-2007-6704	Trust: 3.1
db:	BID	id:	26659	Trust: 2.0
db:	BID	id:	26661	Trust: 2.0
db:	SECUNIA	id:	27904	Trust: 1.8
db:	SECTRACK	id:	1019031	Trust: 1.7
db:	SREASON	id:	3712	Trust: 1.7
db:	OSVDB	id:	38980	Trust: 1.7
db:	OSVDB	id:	38981	Trust: 1.7
db:	JVNDB	id:	JVNDB-2008-002561	Trust: 0.8
db:	CNNVD	id:	CNNVD-200803-042	Trust: 0.7
db:	BUGTRAQ	id:	20080523 PR07-15: CROSS-SITE SCRIPTING (XSS) / HTML INJECTION ON F5 FIREPASS 4100 SSL VPN 'MY.LOGON.PHP3' SERVER-SIDE SCRIPT	Trust: 0.6
db:	BUGTRAQ	id:	20071130 PR07-14: CROSS-SITE SCRIPTING (XSS) / HTML INJECTION ON F5 FIREPASS 4100 SSL VPN 'MY.ACTIVATION.PHP3' SERVER-SIDE SCRIPT	Trust: 0.6
db:	BUGTRAQ	id:	20071130 PR07-15: CROSS-SITE SCRIPTING (XSS) / HTML INJECTION ON F5 FIREPASS 4100 SSL VPN 'MY.LOGON.PHP3' SERVER-SIDE SCRIPT	Trust: 0.6
db:	XF	id:	3	Trust: 0.6
db:	XF	id:	38795	Trust: 0.6
db:	XF	id:	38785	Trust: 0.6
db:	MISC	id:	HTTP://WWW.PROCHECKUP.COM/VULNERABILITY_PR07-14.PHP	Trust: 0.6
db:	EXPLOIT-DB	id:	30834	Trust: 0.1
db:	EXPLOIT-DB	id:	30833	Trust: 0.1
db:	SEEBUG	id:	SSVID-84198	Trust: 0.1
db:	VULHUB	id:	VHN-30066	Trust: 0.1
db:	PACKETSTORM	id:	61438	Trust: 0.1

sources: VULHUB: VHN-30066 // BID: 26659 // BID: 26661 // JVNDB: JVNDB-2008-002561 // PACKETSTORM: 61438 // CNNVD: CNNVD-200803-042 // NVD: CVE-2007-6704

REFERENCES

url:	http://www.procheckup.com/vulnerability_pr07-14.php	Trust: 2.1
url:	http://www.securityfocus.com/bid/26659	Trust: 1.7
url:	http://www.securityfocus.com/bid/26661	Trust: 1.7
url:	http://www.procheckup.com/vulnerability_pr07-15a.php	Trust: 1.7
url:	http://www.osvdb.org/38980	Trust: 1.7
url:	http://www.osvdb.org/38981	Trust: 1.7
url:	http://www.securitytracker.com/id?1019031	Trust: 1.7
url:	http://secunia.com/advisories/27904	Trust: 1.7
url:	http://securityreason.com/securityalert/3712	Trust: 1.7
url:	https://support.f5.com/kb/en-us/solutions/public/7000/900/sol7923.html	Trust: 1.2
url:	http://www.securityfocus.com/archive/1/484411/100/0/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/484413/100/0/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/492511/100/0/threaded	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/38785	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/38795	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6704	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-6704	Trust: 0.8
url:	https://support.f5.com/kb/en-us/solutions/public/7000/900/sol7923.html?sr=1	Trust: 0.6
url:	http://f5.com/products/firepass/	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/38795	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/38785	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/484411/100/0/threaded	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/492511/100/0/threaded	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/484413/100/0/threaded	Trust: 0.6
url:	http://www.procheckup.com/vulnerability_pr07-15.php	Trust: 0.4
url:	/archive/1/484413	Trust: 0.3
url:	/archive/1/492511	Trust: 0.3
url:	/archive/1/484411	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/product/4695/	Trust: 0.1
url:	http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv	Trust: 0.1
url:	http://secunia.com/advisories/27904/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/product/13146/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-30066 // BID: 26659 // BID: 26661 // JVNDB: JVNDB-2008-002561 // PACKETSTORM: 61438 // CNNVD: CNNVD-200803-042 // NVD: CVE-2007-6704

CREDITS

Adrian Pastor and Jan Fry of ProCheckUp are credited with the discovery of this vulnerability.

Trust: 0.9

sources: BID: 26661 // CNNVD: CNNVD-200803-042

SOURCES

db:	VULHUB	id:	VHN-30066
db:	BID	id:	26659
db:	BID	id:	26661
db:	JVNDB	id:	JVNDB-2008-002561
db:	PACKETSTORM	id:	61438
db:	CNNVD	id:	CNNVD-200803-042
db:	NVD	id:	CVE-2007-6704

LAST UPDATE DATE

2024-11-23T20:06:59.021000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-30066	date:	2018-10-15T00:00:00
db:	BID	id:	26659	date:	2015-04-16T18:08:00
db:	BID	id:	26661	date:	2015-05-07T17:35:00
db:	JVNDB	id:	JVNDB-2008-002561	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200803-042	date:	2009-04-08T00:00:00
db:	NVD	id:	CVE-2007-6704	date:	2024-11-21T00:40:48.460

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-30066	date:	2008-03-05T00:00:00
db:	BID	id:	26659	date:	2007-11-30T00:00:00
db:	BID	id:	26661	date:	2007-11-30T00:00:00
db:	JVNDB	id:	JVNDB-2008-002561	date:	2012-06-26T00:00:00
db:	PACKETSTORM	id:	61438	date:	2007-12-04T04:44:29
db:	CNNVD	id:	CNNVD-200803-042	date:	2008-03-05T00:00:00
db:	NVD	id:	CVE-2007-6704	date:	2008-03-05T23:44:00