Details of VAR-201410-0037

ID

VAR-201410-0037

CVE

CVE-2013-7408

TITLE

F5 BIG-IP Analytics Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2013-006667

DESCRIPTION

F5 BIG-IP Analytics 11.x before 11.4.0 uses a predictable session cookie, which makes it easier for remote attackers to have unspecified impact by guessing the value. An attacker can exploit this issue to gain access to the affected application. BIG-IP Analytics 11.0.0 through 11.3.0 are affected. F5 BIG-IP Analytics is a set of web application performance analysis software developed by F5 Corporation of the United States. The software provides detailed analysis of performance metrics such as transactions per second, server latency, web page load time, and response throughput, among others

Trust: 1.98

sources: NVD: CVE-2013-7408 // JVNDB: JVNDB-2013-006667 // BID: 68792 // VULHUB: VHN-67410

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.2.1	Trust: 1.9
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.1.0	Trust: 1.9
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.0.0	Trust: 1.9
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.3.0	Trust: 1.6
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.2.0	Trust: 1.6
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.4.0	Trust: 0.8
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	11.x	Trust: 0.8
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.3	Trust: 0.3
vendor:	f5	model:	big-ip analytics hf3	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip analytics hf3	scope:	eq	version:	11.2	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.2	Trust: 0.3
vendor:	f5	model:	big-ip analytics hf4	scope:	eq	version:	11.3.0	Trust: 0.3
vendor:	f5	model:	big-ip analytics hf5	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip analytics hf2	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip analytics hf1	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip analytics hf5	scope:	eq	version:	11.2.0	Trust: 0.3
vendor:	f5	model:	big-ip analytics hf2	scope:	eq	version:	11.2.0	Trust: 0.3
vendor:	f5	model:	big-ip analytics hf7	scope:	eq	version:	11.1.0	Trust: 0.3
vendor:	f5	model:	big-ip analytics 11.0.0-hf2	scope:	-	version:	-	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	ne	version:	11.5.1	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	ne	version:	11.5	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	ne	version:	11.4.1	Trust: 0.3

sources: BID: 68792 // JVNDB: JVNDB-2013-006667 // CNNVD: CNNVD-201407-621 // NVD: CVE-2013-7408

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-7408
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-7408
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201407-621
value:	HIGH
Trust: 0.6
VULHUB:	VHN-67410
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-7408
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-67410
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-67410 // JVNDB: JVNDB-2013-006667 // CNNVD: CNNVD-201407-621 // NVD: CVE-2013-7408

PROBLEMTYPE DATA

problemtype:

CWE-310

Trust: 1.9

sources: VULHUB: VHN-67410 // JVNDB: JVNDB-2013-006667 // NVD: CVE-2013-7408

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201407-621

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201407-621

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-006667

PATCH

title:	sol14334: BIG-IP Analytics generates predictable session cookies	url:	http://support.f5.com/kb/en-us/solutions/public/14000/300/sol14334.html	Trust: 0.8
title:	BIGIP-11.4.0.2384.0	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54663	Trust: 0.6

sources: JVNDB: JVNDB-2013-006667 // CNNVD: CNNVD-201407-621

EXTERNAL IDS

db:	NVD	id:	CVE-2013-7408	Trust: 2.8
db:	BID	id:	68792	Trust: 2.0
db:	JVNDB	id:	JVNDB-2013-006667	Trust: 0.8
db:	CNNVD	id:	CNNVD-201407-621	Trust: 0.7
db:	VULHUB	id:	VHN-67410	Trust: 0.1

sources: VULHUB: VHN-67410 // BID: 68792 // JVNDB: JVNDB-2013-006667 // CNNVD: CNNVD-201407-621 // NVD: CVE-2013-7408

REFERENCES

url:	http://www.securityfocus.com/bid/68792	Trust: 1.7
url:	http://support.f5.com/kb/en-us/solutions/public/14000/300/sol14334.html	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7408	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7408	Trust: 0.8
url:	http://www.f5.com/	Trust: 0.3
url:	http://support.f5.com/kb/en-us/solutions/public/14000/300/sol14334.html?ref=rss	Trust: 0.3

sources: VULHUB: VHN-67410 // BID: 68792 // JVNDB: JVNDB-2013-006667 // CNNVD: CNNVD-201407-621 // NVD: CVE-2013-7408

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 68792

SOURCES

db:	VULHUB	id:	VHN-67410
db:	BID	id:	68792
db:	JVNDB	id:	JVNDB-2013-006667
db:	CNNVD	id:	CNNVD-201407-621
db:	NVD	id:	CVE-2013-7408

LAST UPDATE DATE

2024-11-23T23:09:21.884000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-67410	date:	2014-10-27T00:00:00
db:	BID	id:	68792	date:	2015-04-13T21:01:00
db:	JVNDB	id:	JVNDB-2013-006667	date:	2014-10-29T00:00:00
db:	CNNVD	id:	CNNVD-201407-621	date:	2014-10-27T00:00:00
db:	NVD	id:	CVE-2013-7408	date:	2024-11-21T02:00:56.763

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-67410	date:	2014-10-26T00:00:00
db:	BID	id:	68792	date:	2014-07-22T00:00:00
db:	JVNDB	id:	JVNDB-2013-006667	date:	2014-10-29T00:00:00
db:	CNNVD	id:	CNNVD-201407-621	date:	2014-07-25T00:00:00
db:	NVD	id:	CVE-2013-7408	date:	2014-10-26T20:55:02.667