All the vulnerabilities related to f5 - firepass_ssl_vpn
cve-2008-2030
Vulnerability from cvelistv5
Published
2008-04-30 15:00
Modified
2024-08-07 08:49
Summary
Cross-site scripting (XSS) vulnerability in installControl.php3 in F5 FirePass 4100 SSL VPN 5.4.2-5.5.2 and 6.0-6.2 allows remote attackers to inject arbitrary web script or HTML via the query string. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
| URL | Tags |
|---|---|
| http://downloads.securityfocus.com/vulnerabilities/exploits/28902.html | x_refsource_MISC |
| http://www.securityfocus.com/bid/28902 | vdb-entry, x_refsource_BID |
| http://secunia.com/advisories/29931 | third-party-advisory, x_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42078 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:49:56.935Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/28902.html" }, { "name": "28902", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28902" }, { "name": "29931", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29931" }, { "name": "firepass-installcontrol-xss(42078)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42078" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-04-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in installControl.php3 in F5 FirePass 4100 SSL VPN 5.4.2-5.5.2 and 6.0-6.2 allows remote attackers to inject arbitrary web script or HTML via the query string. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/28902.html" }, { "name": "28902", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28902" }, { "name": "29931", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29931" }, { "name": "firepass-installcontrol-xss(42078)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42078" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-2030", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in installControl.php3 in F5 FirePass 4100 SSL VPN 5.4.2-5.5.2 and 6.0-6.2 allows remote attackers to inject arbitrary web script or HTML via the query string. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://downloads.securityfocus.com/vulnerabilities/exploits/28902.html", "refsource": "MISC", "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/28902.html" }, { "name": "28902", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28902" }, { "name": "29931", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29931" }, { "name": "firepass-installcontrol-xss(42078)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42078" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-2030", "datePublished": "2008-04-30T15:00:00", "dateReserved": "2008-04-30T00:00:00", "dateUpdated": "2024-08-07T08:49:56.935Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-2119
Vulnerability from cvelistv5
Published
2009-06-18 21:00
Modified
2024-08-07 05:36
Summary
Cross-site scripting (XSS) vulnerability in the login interface (my.logon.php3) in F5 FirePass SSL VPN 5.5 through 5.5.2 and 6.0 through 6.0.3 allows remote attackers to inject arbitrary web script or HTML via a base64-encoded xcho parameter.
References
| URL | Tags |
|---|---|
| http://secunia.com/advisories/35418 | third-party-advisory, x_refsource_SECUNIA |
| http://secunia.com/advisories/35426 | third-party-advisory, x_refsource_SECUNIA |
| https://www.fox-it.com/nl/nieuws-en-events/nieuws/laatste-nieuws/nieuwsartikel/f5-firepass-cross-site-scripting-vulnerability/106 | x_refsource_MISC |
| http://osvdb.org/55040 | vdb-entry, x_refsource_OSVDB |
| https://www.fox-it.com/uploads/pdf/advisory_xss_f5_firepass.pdf | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/504232/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/35312 | vdb-entry, x_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/51064 | vdb-entry, x_refsource_XF |
| http://www.vupen.com/english/advisories/2009/1570 | vdb-entry, x_refsource_VUPEN |
| http://www.securitytracker.com/id?1022387 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:36:20.963Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "35418", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35418" }, { "name": "35426", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35426" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.fox-it.com/nl/nieuws-en-events/nieuws/laatste-nieuws/nieuwsartikel/f5-firepass-cross-site-scripting-vulnerability/106" }, { "name": "55040", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/55040" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.fox-it.com/uploads/pdf/advisory_xss_f5_firepass.pdf" }, { "name": "20090611 F5 FirePass Cross-Site Scripting vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/504232/100/0/threaded" }, { "name": "35312", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35312" }, { "name": "firepasssslvpn-unspecified-xss(51064)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51064" }, { "name": "ADV-2009-1570", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1570" }, { "name": "1022387", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1022387" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-06-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) 
vulnerability in the login interface (my.logon.php3) in F5 FirePass SSL VPN 5.5 through 5.5.2 and 6.0 through 6.0.3 allows remote attackers to inject arbitrary web script or HTML via a base64-encoded xcho parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "35418", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35418" }, { "name": "35426", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35426" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.fox-it.com/nl/nieuws-en-events/nieuws/laatste-nieuws/nieuwsartikel/f5-firepass-cross-site-scripting-vulnerability/106" }, { "name": "55040", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/55040" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.fox-it.com/uploads/pdf/advisory_xss_f5_firepass.pdf" }, { "name": "20090611 F5 FirePass Cross-Site Scripting vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/504232/100/0/threaded" }, { "name": "35312", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35312" }, { "name": "firepasssslvpn-unspecified-xss(51064)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51064" }, { "name": "ADV-2009-1570", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1570" }, { "name": "1022387", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1022387" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2119", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { 
"product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the login interface (my.logon.php3) in F5 FirePass SSL VPN 5.5 through 5.5.2 and 6.0 through 6.0.3 allows remote attackers to inject arbitrary web script or HTML via a base64-encoded xcho parameter." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "35418", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35418" }, { "name": "35426", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35426" }, { "name": "https://www.fox-it.com/nl/nieuws-en-events/nieuws/laatste-nieuws/nieuwsartikel/f5-firepass-cross-site-scripting-vulnerability/106", "refsource": "MISC", "url": "https://www.fox-it.com/nl/nieuws-en-events/nieuws/laatste-nieuws/nieuwsartikel/f5-firepass-cross-site-scripting-vulnerability/106" }, { "name": "55040", "refsource": "OSVDB", "url": "http://osvdb.org/55040" }, { "name": "https://www.fox-it.com/uploads/pdf/advisory_xss_f5_firepass.pdf", "refsource": "MISC", "url": "https://www.fox-it.com/uploads/pdf/advisory_xss_f5_firepass.pdf" }, { "name": "20090611 F5 FirePass Cross-Site Scripting vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/504232/100/0/threaded" }, { "name": "35312", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35312" }, { "name": "firepasssslvpn-unspecified-xss(51064)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51064" }, { "name": "ADV-2009-1570", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1570" }, { "name": "1022387", "refsource": "SECTRACK", "url": 
"http://www.securitytracker.com/id?1022387" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2119", "datePublished": "2009-06-18T21:00:00", "dateReserved": "2009-06-18T00:00:00", "dateUpdated": "2024-08-07T05:36:20.963Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-2637
Vulnerability from cvelistv5
Published
2008-06-10 00:00
Modified
2024-08-07 09:05
Summary
Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN 6.0.2 hotfix 3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via quotes in (1) the css_exceptions parameter in vdesk/admincon/webyfiers.php and (2) the sql_matchscope parameter in vdesk/admincon/index.php.
References
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id?1020205 | vdb-entry, x_refsource_SECTRACK |
| http://www.vupen.com/english/advisories/2008/1765/references | vdb-entry, x_refsource_VUPEN |
| http://www.securityfocus.com/archive/1/493149/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://secunia.com/advisories/30550 | third-party-advisory, x_refsource_SECUNIA |
| http://securityreason.com/securityalert/3931 | third-party-advisory, x_refsource_SREASON |
| http://www.securityfocus.com/bid/29574 | vdb-entry, x_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42884 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:05:30.281Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1020205", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1020205" }, { "name": "ADV-2008-1765", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1765/references" }, { "name": "20080605 F5 FirePass Content Inspection Management XSS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/493149/100/0/threaded" }, { "name": "30550", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30550" }, { "name": "3931", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/3931" }, { "name": "29574", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/29574" }, { "name": "firepass-webyfiers-index-xss(42884)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42884" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-06-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN 6.0.2 hotfix 3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via quotes in (1) the css_exceptions parameter in vdesk/admincon/webyfiers.php and (2) the sql_matchscope parameter in vdesk/admincon/index.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1020205", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1020205" }, { "name": "ADV-2008-1765", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1765/references" }, { "name": "20080605 F5 FirePass Content Inspection Management XSS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/493149/100/0/threaded" }, { "name": "30550", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30550" }, { "name": "3931", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/3931" }, { "name": "29574", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/29574" }, { "name": "firepass-webyfiers-index-xss(42884)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42884" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-2637", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN 6.0.2 hotfix 3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via quotes in (1) the css_exceptions parameter in vdesk/admincon/webyfiers.php and (2) the sql_matchscope 
parameter in vdesk/admincon/index.php." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1020205", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020205" }, { "name": "ADV-2008-1765", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1765/references" }, { "name": "20080605 F5 FirePass Content Inspection Management XSS", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/493149/100/0/threaded" }, { "name": "30550", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30550" }, { "name": "3931", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3931" }, { "name": "29574", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29574" }, { "name": "firepass-webyfiers-index-xss(42884)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42884" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-2637", "datePublished": "2008-06-10T00:00:00", "dateReserved": "2008-06-09T00:00:00", "dateUpdated": "2024-08-07T09:05:30.281Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd (CVE-2008-2030)
Published
2008-04-30 16:17
Modified
2024-11-21 00:45
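Severity: MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N, scored by nvd@nist.gov in the record below; user interaction required)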
Summary
Cross-site scripting (XSS) vulnerability in installControl.php3 in F5 FirePass 4100 SSL VPN 5.4.2-5.5.2 and 6.0-6.2 allows remote attackers to inject arbitrary web script or HTML via the query string. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| f5 | firepass_4100 | * |
| f5 | firepass_ssl_vpn | 5.4.2 |
| f5 | firepass_ssl_vpn | 5.5.2 |
| f5 | firepass_ssl_vpn | 6.0 |
| f5 | firepass_ssl_vpn | 6.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:f5:firepass_4100:*:*:*:*:*:*:*:*", "matchCriteriaId": "B8BA182D-6515-45F9-A73B-A1F4749ECA72", "vulnerable": true }, { "criteria": "cpe:2.3:h:f5:firepass_ssl_vpn:5.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "00CB3458-5459-4E40-AE68-0FC73FD0C089", "vulnerable": true }, { "criteria": "cpe:2.3:h:f5:firepass_ssl_vpn:5.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "4976941E-BDAA-4AD2-AB70-7B4A2E134246", "vulnerable": true }, { "criteria": "cpe:2.3:h:f5:firepass_ssl_vpn:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "01AFA837-B856-482A-8192-5E92FD40EA65", "vulnerable": true }, { "criteria": "cpe:2.3:h:f5:firepass_ssl_vpn:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "E81599EA-E8A4-49CB-858E-1FCED94DA71F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in installControl.php3 in F5 FirePass 4100 SSL VPN 5.4.2-5.5.2 and 6.0-6.2 allows remote attackers to inject arbitrary web script or HTML via the query string. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en installControl.php3 de F5 FirePass 4100 SSL VPN 5.4.2-5.5.2 y 6.0-6.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de la cadena query. NOTA: el origen de esta informaci\u00f3n es desconocido; los detalles se han obtenido \u00fanicamente de informaci\u00f3n de terceros." 
} ], "id": "CVE-2008-2030", "lastModified": "2024-11-21T00:45:55.730", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-04-30T16:17:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/28902.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29931" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/28902" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42078" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/28902.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29931" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/28902" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42078" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2009-2119)
Published
2009-06-18 21:30
Modified
2024-11-21 01:04
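Severity: MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N, scored by nvd@nist.gov in the record below; user interaction required)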
Summary
Cross-site scripting (XSS) vulnerability in the login interface (my.logon.php3) in F5 FirePass SSL VPN 5.5 through 5.5.2 and 6.0 through 6.0.3 allows remote attackers to inject arbitrary web script or HTML via a base64-encoded xcho parameter.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| f5 | firepass_ssl_vpn | 5.5 |
| f5 | firepass_ssl_vpn | 5.5.1 |
| f5 | firepass_ssl_vpn | 5.5.2 |
| f5 | firepass_ssl_vpn | 6.0 |
| f5 | firepass_ssl_vpn | 6.0.1 |
| f5 | firepass_ssl_vpn | 6.0.2 |
| f5 | firepass_ssl_vpn | 6.0.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:f5:firepass_ssl_vpn:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "7C2AE5BB-5D4B-4CA3-BB28-2BE9A4974CE2", "vulnerable": true }, { "criteria": "cpe:2.3:h:f5:firepass_ssl_vpn:5.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "B7ABAF45-EB5E-44C9-AF4D-EDF741BABCE5", "vulnerable": true }, { "criteria": "cpe:2.3:h:f5:firepass_ssl_vpn:5.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "4976941E-BDAA-4AD2-AB70-7B4A2E134246", "vulnerable": true }, { "criteria": "cpe:2.3:h:f5:firepass_ssl_vpn:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "01AFA837-B856-482A-8192-5E92FD40EA65", "vulnerable": true }, { "criteria": "cpe:2.3:h:f5:firepass_ssl_vpn:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D7AA0609-9A3B-4C83-8DE6-2589152F8CF6", "vulnerable": true }, { "criteria": "cpe:2.3:h:f5:firepass_ssl_vpn:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "7093053B-97DB-4B45-9E36-5A52A28CDCE1", "vulnerable": true }, { "criteria": "cpe:2.3:h:f5:firepass_ssl_vpn:6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "8BA897F6-03C3-4182-B288-6F9C1337C10E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the login interface (my.logon.php3) in F5 FirePass SSL VPN 5.5 through 5.5.2 and 6.0 through 6.0.3 allows remote attackers to inject arbitrary web script or HTML via a base64-encoded xcho parameter." }, { "lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos cruzados(XSS) en el interface de autenticaci\u00f3n de F5 FirePass SSL VPN v5.5 hasta v5.5.2 y 6.0 hasta v6.0.3 , permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de un campo password manipulado. NOTA: algunos de estos detalles se han obtenido de terceros." 
} ], "id": "CVE-2009-2119", "lastModified": "2024-11-21T01:04:10.393", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-06-18T21:30:00.407", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/55040" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35418" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35426" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/504232/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/35312" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securitytracker.com/id?1022387" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/1570" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51064" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.fox-it.com/nl/nieuws-en-events/nieuws/laatste-nieuws/nieuwsartikel/f5-firepass-cross-site-scripting-vulnerability/106" }, { "source": "cve@mitre.org", "url": "https://www.fox-it.com/uploads/pdf/advisory_xss_f5_firepass.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/55040" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/35418" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35426" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/504232/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/35312" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securitytracker.com/id?1022387" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/1570" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51064" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.fox-it.com/nl/nieuws-en-events/nieuws/laatste-nieuws/nieuwsartikel/f5-firepass-cross-site-scripting-vulnerability/106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.fox-it.com/uploads/pdf/advisory_xss_f5_firepass.pdf" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2008-2637)
Published
2008-06-10 00:32
Modified
2024-11-21 00:47
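Severity: MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N, scored by nvd@nist.gov in the record below; user interaction required)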
Summary
Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN 6.0.2 hotfix 3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via quotes in (1) the css_exceptions parameter in vdesk/admincon/webyfiers.php and (2) the sql_matchscope parameter in vdesk/admincon/index.php.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| f5 | firepass_ssl_vpn | 6.0.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:firepass_ssl_vpn:6.0.2:hotfix_3:*:*:*:*:*:*", "matchCriteriaId": "40A7BB18-7A3D-4EB3-9878-78F52E17ADBA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN 6.0.2 hotfix 3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via quotes in (1) the css_exceptions parameter in vdesk/admincon/webyfiers.php and (2) the sql_matchscope parameter in vdesk/admincon/index.php." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de tipo cross-site scripting (XSS) en F5 FirePass SSL VPN versiones 6.0.2 hotfix 3, y posiblemente versiones anteriores, permiten a atacantes remotos inyectar script web o HTML arbitrario por medio de comillas en (1) el par\u00e1metro css_exceptions en el archivo vdesk/admincon/webyfiers.php y (2) el par\u00e1metro sql_matchscope en el archivo vdesk/admincon/index.php." 
} ], "id": "CVE-2008-2637", "lastModified": "2024-11-21T00:47:21.240", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-06-10T00:32:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30550" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3931" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/493149/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/29574" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1020205" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2008/1765/references" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42884" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30550" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3931" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/493149/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/29574" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1020205" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2008/1765/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42884" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }