ID

VAR-201412-0131


CVE

CVE-2014-9342


TITLE

Cross-site scripting vulnerability in the tree display function of F5 BIG-IP Application Security Manager

Trust: 0.8

sources: JVNDB: JVNDB-2014-005804

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the tree view (pl_tree.php) feature in Application Security Manager (ASM) in F5 BIG-IP 11.3.0 allows remote attackers to inject arbitrary web script or HTML by accessing a crafted URL during automatic policy generation. BIG-IP is prone to a cross-site scripting vulnerability. F5 BIG-IP Application Security Manager (ASM) is an application security manager from F5, a United States company. It provides users with application delivery security solutions, as well as secure remote ingress control, while enhancing network and application performance.

Trust: 1.98

sources: NVD: CVE-2014-9342 // JVNDB: JVNDB-2014-005804 // BID: 79992 // VULHUB: VHN-77287

AFFECTED PRODUCTS

vendor: f5 // model: big-ip // scope: eq // version: 11.3.0

Trust: 2.4

vendor: f5 // model: big-ip // scope: eq // version: 11.3

Trust: 0.3

sources: BID: 79992 // JVNDB: JVNDB-2014-005804 // CNNVD: CNNVD-201412-144 // NVD: CVE-2014-9342

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-9342
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-9342
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201412-144
value: MEDIUM

Trust: 0.6

VULHUB: VHN-77287
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-9342
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-77287
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-77287 // JVNDB: JVNDB-2014-005804 // CNNVD: CNNVD-201412-144 // NVD: CVE-2014-9342

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-77287 // JVNDB: JVNDB-2014-005804 // NVD: CVE-2014-9342

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201412-144

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201412-144

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-005804

PATCH

title: BIG-IP LTM // url: https://support.f5.com/kb/en-us/products/big-ip_ltm.html

Trust: 0.8

title: F5 BIG-IP Application Security Manager Fixes for cross-site scripting vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=149299

Trust: 0.6

sources: JVNDB: JVNDB-2014-005804 // CNNVD: CNNVD-201412-144

EXTERNAL IDS

db: NVD // id: CVE-2014-9342

Trust: 2.8

db: SECUNIA // id: 62000

Trust: 1.7

db: JVNDB // id: JVNDB-2014-005804

Trust: 0.8

db: CNNVD // id: CNNVD-201412-144

Trust: 0.7

db: BID // id: 79992

Trust: 0.4

db: VULHUB // id: VHN-77287

Trust: 0.1

sources: VULHUB: VHN-77287 // BID: 79992 // JVNDB: JVNDB-2014-005804 // CNNVD: CNNVD-201412-144 // NVD: CVE-2014-9342

REFERENCES

url: http://www.securityfocus.com/archive/1/534137/100/0/threaded

Trust: 1.7

url: https://support.f5.com/kb/en-us/solutions/public/15000/900/sol15939.html

Trust: 1.7

url: https://support.f5.com/csp/article/k15939

Trust: 1.7

url: http://secunia.com/advisories/62000

Trust: 1.7

url: http://www.securityfocus.com/archive/1/archive/1/534137/100/0/threaded

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9342

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9342

Trust: 0.8

sources: VULHUB: VHN-77287 // BID: 79992 // JVNDB: JVNDB-2014-005804 // CNNVD: CNNVD-201412-144 // NVD: CVE-2014-9342

CREDITS

Unknown

Trust: 0.3

sources: BID: 79992

SOURCES

db: VULHUB // id: VHN-77287
db: BID // id: 79992
db: JVNDB // id: JVNDB-2014-005804
db: CNNVD // id: CNNVD-201412-144
db: NVD // id: CVE-2014-9342

LAST UPDATE DATE

2024-11-23T23:09:20.757000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-77287 // date: 2018-10-09T00:00:00
db: BID // id: 79992 // date: 2014-12-08T00:00:00
db: JVNDB // id: JVNDB-2014-005804 // date: 2014-12-09T00:00:00
db: CNNVD // id: CNNVD-201412-144 // date: 2021-05-06T00:00:00
db: NVD // id: CVE-2014-9342 // date: 2024-11-21T02:20:39.537

SOURCES RELEASE DATE

db: VULHUB // id: VHN-77287 // date: 2014-12-08T00:00:00
db: BID // id: 79992 // date: 2014-12-08T00:00:00
db: JVNDB // id: JVNDB-2014-005804 // date: 2014-12-09T00:00:00
db: CNNVD // id: CNNVD-201412-144 // date: 2014-12-09T00:00:00
db: NVD // id: CVE-2014-9342 // date: 2014-12-08T11:59:14.233