Details of VAR-201410-0909

ID

VAR-201410-0909

CVE

CVE-2014-4023

TITLE

plural F5 BIG-IP Product Configuration Utility tmui/dashboard/echo.jsp Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2014-005112

DESCRIPTION

Cross-site scripting (XSS) vulnerability in tmui/dashboard/echo.jsp in the Configuration utility in F5 BIG-IP LTM, APM, ASM, GTM, and Link Controller 11.0.0 before 11.6.0 and 10.1.0 through 10.2.4, AAM 11.4.0 before 11.6.0, AFM and PEM 11.3.0 before 11.6.0, Analytics 11.0.0 through 11.5.1, Edge Gateway, WebAccelerator, and WOM 11.0.0 through 11.3.0 and 10.1.0 through 10.2.4, and PSM 11.0.0 through 11.4.1 and 10.1.0 through 10.2.4 and Enterprise Manager 3.0.0 through 3.1.1 and 2.1.0 through 2.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. plural F5 BIG-IP Product Configuration Utility tmui/dashboard/echo.jsp Contains a cross-site scripting vulnerability.By any third party Web Script or HTML May be inserted. Multiple F5 BIG-IP Products are prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. F5 BIG-IP LTM, etc. are all products of F5 Company in the United States. LTM is a local traffic manager; APM is a solution that provides secure unified access to business-critical applications and networks. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML. 0 to 11.4.1 and 10.1.0 to 10.2.4, Enterprise Manager 3.0.0 to 3.1.1 and 2.1.0 to 2.3.0

Trust: 1.98

sources: NVD: CVE-2014-4023 // JVNDB: JVNDB-2014-005112 // BID: 69449 // VULHUB: VHN-71963

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	10.1.0	Trust: 1.6
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	10.2.1	Trust: 1.6
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.5.1	Trust: 1.6
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	10.2.2	Trust: 1.6
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.5.0	Trust: 1.6
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	10.2.3	Trust: 1.6
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.4.0	Trust: 1.6
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.5.1	Trust: 1.6
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.4.1	Trust: 1.6
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	10.2.0	Trust: 1.6
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	10.2.3	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	10.2.3	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	10.2.3	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	11.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	10.2.3	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	10.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	10.2.3	Trust: 1.0
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	f5	model:	enterprise manager	scope:	eq	version:	3.1.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	10.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	enterprise manager	scope:	eq	version:	3.0.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	10.2.0	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	11.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	10.2.3	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.2.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	10.2.0	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	11.2.0	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	11.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	10.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	10.2.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	11.2.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	10.2.0	Trust: 1.0
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	11.2.0	Trust: 1.0
vendor:	f5	model:	enterprise manager	scope:	eq	version:	2.2.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.1.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	10.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	10.2.3	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	10.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	10.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	10.2.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.2.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	10.2.3	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	11.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.2.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	10.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	10.2.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	11.2.0	Trust: 1.0
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	10.1.0	Trust: 1.0
vendor:	f5	model:	enterprise manager	scope:	eq	version:	2.3.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	enterprise manager	scope:	eq	version:	3.1.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	10.2.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.2.0	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	10.2.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.2.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	enterprise manager	scope:	eq	version:	2.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.2.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	10.1.0 to 10.2.4	Trust: 0.8
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.0.0 to 11.5.1	Trust: 0.8
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.3.0 to 11.5.1	Trust: 0.8
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.0.0 to 11.5.1	Trust: 0.8
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.4.0 to 11.5.1	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	10.1.0 to 10.2.4	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.0.0 to 11.5.1	Trust: 0.8
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	10.1.0 to 10.2.4	Trust: 0.8
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	11.0.0 to 11.3.0	Trust: 0.8
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	10.1.0 to 10.2.4	Trust: 0.8
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.0.0 to 11.5.1	Trust: 0.8
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	10.1.0 to 10.2.4	Trust: 0.8
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.0.0 to 11.5.1	Trust: 0.8
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	10.1.0 to 10.2.4	Trust: 0.8
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.0.0 to 11.5.1	Trust: 0.8
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.3.0 to 11.5.1	Trust: 0.8
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	10.1.0 to 10.2.4	Trust: 0.8
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	11.0.0 to 11.4.1	Trust: 0.8
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	10.1.0 to 10.2.4	Trust: 0.8
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	11.0.0 to 11.3.0	Trust: 0.8
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	10.1.0 to 10.2.4	Trust: 0.8
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	11.0.0 to 11.3.0	Trust: 0.8
vendor:	f5	model:	enterprise manager	scope:	eq	version:	2.1.0 to 2.3.0	Trust: 0.8
vendor:	f5	model:	enterprise manager	scope:	eq	version:	3.0.0 to 3.1.1	Trust: 0.8

sources: JVNDB: JVNDB-2014-005112 // CNNVD: CNNVD-201408-497 // NVD: CVE-2014-4023

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-4023
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-4023
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201408-497
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-71963
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-4023
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-71963
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-71963 // JVNDB: JVNDB-2014-005112 // CNNVD: CNNVD-201408-497 // NVD: CVE-2014-4023

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-71963 // JVNDB: JVNDB-2014-005112 // NVD: CVE-2014-4023

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201408-497

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201408-497

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-005112

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-71963

PATCH

title:	sol15532: XSS vulnerability in echo.jsp CVE-2014-4023	url:	https://support.f5.com/kb/en-us/solutions/public/15000/500/sol15532.html	Trust: 0.8
title:	BIGIP-11.5.2.0.0.141	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55445	Trust: 0.6
title:	Hotfix-BIGIP-11.5.1.6.0.159-HF6	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55444	Trust: 0.6
title:	BIGIP-11.6.0.0.0.401	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55446	Trust: 0.6

sources: JVNDB: JVNDB-2014-005112 // CNNVD: CNNVD-201408-497

EXTERNAL IDS

db:	NVD	id:	CVE-2014-4023	Trust: 2.8
db:	SECTRACK	id:	1030776	Trust: 1.1
db:	BID	id:	69449	Trust: 1.0
db:	JVNDB	id:	JVNDB-2014-005112	Trust: 0.8
db:	CNNVD	id:	CNNVD-201408-497	Trust: 0.7
db:	PACKETSTORM	id:	128034	Trust: 0.1
db:	VULHUB	id:	VHN-71963	Trust: 0.1

sources: VULHUB: VHN-71963 // BID: 69449 // JVNDB: JVNDB-2014-005112 // CNNVD: CNNVD-201408-497 // NVD: CVE-2014-4023

REFERENCES

url:	https://support.f5.com/kb/en-us/solutions/public/15000/500/sol15532.html	Trust: 1.7
url:	https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140828-f5_big-ip_reflected_xss_v10.txt	Trust: 1.1
url:	http://www.securitytracker.com/id/1030776	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4023	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4023	Trust: 0.8
url:	http://www.securityfocus.com/bid/69449	Trust: 0.6
url:	http://www.f5.com/products/big-ip/	Trust: 0.3

sources: VULHUB: VHN-71963 // BID: 69449 // JVNDB: JVNDB-2014-005112 // CNNVD: CNNVD-201408-497 // NVD: CVE-2014-4023

CREDITS

Stefan Viehb??ck

Trust: 0.6

sources: CNNVD: CNNVD-201408-497

SOURCES

db:	VULHUB	id:	VHN-71963
db:	BID	id:	69449
db:	JVNDB	id:	JVNDB-2014-005112
db:	CNNVD	id:	CNNVD-201408-497
db:	NVD	id:	CVE-2014-4023

LAST UPDATE DATE

2024-11-23T22:52:50.744000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-71963	date:	2015-08-28T00:00:00
db:	BID	id:	69449	date:	2014-08-28T00:00:00
db:	JVNDB	id:	JVNDB-2014-005112	date:	2014-10-30T00:00:00
db:	CNNVD	id:	CNNVD-201408-497	date:	2014-10-29T00:00:00
db:	NVD	id:	CVE-2014-4023	date:	2024-11-21T02:09:21.590

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-71963	date:	2014-10-28T00:00:00
db:	BID	id:	69449	date:	2014-08-28T00:00:00
db:	JVNDB	id:	JVNDB-2014-005112	date:	2014-10-30T00:00:00
db:	CNNVD	id:	CNNVD-201408-497	date:	2014-08-28T00:00:00
db:	NVD	id:	CVE-2014-4023	date:	2014-10-28T14:55:05.987