cvelistv5 - CVE-2007-6704

CVE-2007-6704 (GCVE-0-2007-6704)

Vulnerability from cvelistv5 – Published: 2008-03-05 23:00 – Updated: 2024-08-07 16:18

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://securityreason.com/securityalert/3712	third-party-advisoryx_refsource_SREASON
	http://www.securityfocus.com/archive/1/492511/100…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/27904	third-party-advisoryx_refsource_SECUNIA
	http://www.procheckup.com/Vulnerability_PR07-14.php	x_refsource_MISC
	http://www.osvdb.org/38981	vdb-entryx_refsource_OSVDB
	https://support.f5.com/kb/en-us/solutions/public/…	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/bid/26659	vdb-entryx_refsource_BID
	http://www.procheckup.com/Vulnerability_PR07-15a.php	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/archive/1/484411/100…	mailing-listx_refsource_BUGTRAQ
	http://www.osvdb.org/38980	vdb-entryx_refsource_OSVDB
	http://www.securitytracker.com/id?1019031	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/26661	vdb-entryx_refsource_BID
	http://www.securityfocus.com/archive/1/484413/100…	mailing-listx_refsource_BUGTRAQ

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:18:20.560Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "3712",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3712"
          },
          {
            "name": "20080523 PR07-15: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN \u0027my.logon.php3\u0027 server-side script",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/492511/100/0/threaded"
          },
          {
            "name": "27904",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27904"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.procheckup.com/Vulnerability_PR07-14.php"
          },
          {
            "name": "38981",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/38981"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/kb/en-us/solutions/public/7000/900/SOL7923.html"
          },
          {
            "name": "firepass-myactivation-xss(38785)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38785"
          },
          {
            "name": "26659",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26659"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.procheckup.com/Vulnerability_PR07-15a.php"
          },
          {
            "name": "firepass-mylogonphp3-xss(38795)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38795"
          },
          {
            "name": "20071130 PR07-14: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN \u0027my.activation.php3\u0027 server-side script",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/484411/100/0/threaded"
          },
          {
            "name": "38980",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/38980"
          },
          {
            "name": "1019031",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019031"
          },
          {
            "name": "26661",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26661"
          },
          {
            "name": "20071130 PR07-15: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN \u0027my.logon.php3\u0027 server-side script",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/484413/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-11-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.activation.php3 and (2) my.logon.php3."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "3712",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3712"
        },
        {
          "name": "20080523 PR07-15: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN \u0027my.logon.php3\u0027 server-side script",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/492511/100/0/threaded"
        },
        {
          "name": "27904",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27904"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.procheckup.com/Vulnerability_PR07-14.php"
        },
        {
          "name": "38981",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/38981"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/kb/en-us/solutions/public/7000/900/SOL7923.html"
        },
        {
          "name": "firepass-myactivation-xss(38785)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38785"
        },
        {
          "name": "26659",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26659"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.procheckup.com/Vulnerability_PR07-15a.php"
        },
        {
          "name": "firepass-mylogonphp3-xss(38795)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38795"
        },
        {
          "name": "20071130 PR07-14: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN \u0027my.activation.php3\u0027 server-side script",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/484411/100/0/threaded"
        },
        {
          "name": "38980",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/38980"
        },
        {
          "name": "1019031",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019031"
        },
        {
          "name": "26661",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26661"
        },
        {
          "name": "20071130 PR07-15: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN \u0027my.logon.php3\u0027 server-side script",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/484413/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6704",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.activation.php3 and (2) my.logon.php3."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "3712",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3712"
            },
            {
              "name": "20080523 PR07-15: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN \u0027my.logon.php3\u0027 server-side script",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/492511/100/0/threaded"
            },
            {
              "name": "27904",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27904"
            },
            {
              "name": "http://www.procheckup.com/Vulnerability_PR07-14.php",
              "refsource": "MISC",
              "url": "http://www.procheckup.com/Vulnerability_PR07-14.php"
            },
            {
              "name": "38981",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/38981"
            },
            {
              "name": "https://support.f5.com/kb/en-us/solutions/public/7000/900/SOL7923.html",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/kb/en-us/solutions/public/7000/900/SOL7923.html"
            },
            {
              "name": "firepass-myactivation-xss(38785)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38785"
            },
            {
              "name": "26659",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26659"
            },
            {
              "name": "http://www.procheckup.com/Vulnerability_PR07-15a.php",
              "refsource": "MISC",
              "url": "http://www.procheckup.com/Vulnerability_PR07-15a.php"
            },
            {
              "name": "firepass-mylogonphp3-xss(38795)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38795"
            },
            {
              "name": "20071130 PR07-14: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN \u0027my.activation.php3\u0027 server-side script",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/484411/100/0/threaded"
            },
            {
              "name": "38980",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/38980"
            },
            {
              "name": "1019031",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019031"
            },
            {
              "name": "26661",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26661"
            },
            {
              "name": "20071130 PR07-15: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN \u0027my.logon.php3\u0027 server-side script",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/484413/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-6704",
    "datePublished": "2008-03-05T23:00:00",
    "dateReserved": "2008-03-05T00:00:00",
    "dateUpdated": "2024-08-07T16:18:20.560Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:f5:firepass_4100:5.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1D7B7CDD-2146-4B46-BCCC-A2E724F668C6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:f5:firepass_4100:5.4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"85AE9E11-C5F0-462E-AEFA-68ABE3B6AB0D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:f5:firepass_4100:5.4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A60081E6-94C5-4A8E-B95D-5131DAFF9537\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:f5:firepass_4100:5.4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7FB490F1-237B-494F-9315-BE6A2920B693\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:f5:firepass_4100:5.4.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A396D79-468A-4C32-8090-AED20AD7E4A5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:f5:firepass_4100:5.4.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE197C0E-34AD-46AD-8359-713BA2034512\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:f5:firepass_4100:5.4.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A90B5729-2F85-475B-AC7D-B9EEC15B0524\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:f5:firepass_4100:5.4.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D595F076-822D-4A99-9838-18B9A28A323A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:f5:firepass_4100:5.4.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1D609CB0-72B0-4CCC-8351-897801B57B17\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:f5:firepass_4100:5.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"74BFE0EE-9554-4C6C-AB24-DC8AA50AF7A3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:f5:firepass_4100:5.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8C79823A-E8DF-4F67-BB6D-4901E007D636\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:f5:firepass_4100:5.5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7EF2BA6-CA87-421B-A2DB-D74A16C1A845\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:f5:firepass_4100:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A4F8E7C1-84F6-42A4-9534-7C822F625240\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:f5:firepass_4100:6.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3F108EAE-0CC6-41C9-978B-B596F0981A5F\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.activation.php3 and (2) my.logon.php3.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en F5 FirePass 4100 SSL VPN 5.4.1 hasta 5.5.2 y 6.0 hasta 6.0.1, cuando las secuencias pre-logon est\\u00e1n activadas, permiten a atacantes remotos inyectar web script o HMTL de su elecci\\u00f3n a trav\\u00e9s de la cadena de consulta de (1) my.activation.php3 y (2) my.logon.php3.\"}]",
      "id": "CVE-2007-6704",
      "lastModified": "2024-11-21T00:40:48.460",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:N/I:P/A:N\", \"baseScore\": 2.6, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 4.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2008-03-05T23:44:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/27904\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/3712\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.osvdb.org/38980\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.osvdb.org/38981\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.procheckup.com/Vulnerability_PR07-14.php\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.procheckup.com/Vulnerability_PR07-15a.php\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/484411/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/484413/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/492511/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/26659\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/26661\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1019031\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/38785\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/38795\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://support.f5.com/kb/en-us/solutions/public/7000/900/SOL7923.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/27904\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/3712\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.osvdb.org/38980\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.osvdb.org/38981\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.procheckup.com/Vulnerability_PR07-14.php\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.procheckup.com/Vulnerability_PR07-15a.php\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/484411/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/484413/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/492511/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/26659\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/26661\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1019031\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/38785\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/38795\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.f5.com/kb/en-us/solutions/public/7000/900/SOL7923.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-6704\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-03-05T23:44:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.activation.php3 and (2) my.logon.php3.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en F5 FirePass 4100 SSL VPN 5.4.1 hasta 5.5.2 y 6.0 hasta 6.0.1, cuando las secuencias pre-logon est\u00e1n activadas, permiten a atacantes remotos inyectar web script o HMTL de su elecci\u00f3n a trav\u00e9s de la cadena de consulta de (1) my.activation.php3 y (2) my.logon.php3.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:N/I:P/A:N\",\"baseScore\":2.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":4.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:f5:firepass_4100:5.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D7B7CDD-2146-4B46-BCCC-A2E724F668C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:f5:firepass_4100:5.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85AE9E11-C5F0-462E-AEFA-68ABE3B6AB0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:f5:firepass_4100:5.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A60081E6-94C5-4A8E-B95D-5131DAFF9537\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:f5:firepass_4100:5.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FB490F1-237B-494F-9315-BE6A2920B693\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:f5:firepass_4100:5.4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A396D79-468A-4C32-8090-AED20AD7E4A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:f5:firepass_4100:5.4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE197C0E-34AD-46AD-8359-713BA2034512\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:f5:firepass_4100:5.4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A90B5729-2F85-475B-AC7D-B9EEC15B0524\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:f5:firepass_4100:5.4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D595F076-822D-4A99-9838-18B9A28A323A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:f5:firepass_4100:5.4.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D609CB0-72B0-4CCC-8351-897801B57B17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:f5:firepass_4100:5.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74BFE0EE-9554-4C6C-AB24-DC8AA50AF7A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:f5:firepass_4100:5.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C79823A-E8DF-4F67-BB6D-4901E007D636\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:f5:firepass_4100:5.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7EF2BA6-CA87-421B-A2DB-D74A16C1A845\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:f5:firepass_4100:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4F8E7C1-84F6-42A4-9534-7C822F625240\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:f5:firepass_4100:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F108EAE-0CC6-41C9-978B-B596F0981A5F\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/27904\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/3712\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/38980\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/38981\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.procheckup.com/Vulnerability_PR07-14.php\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.procheckup.com/Vulnerability_PR07-15a.php\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/archive/1/484411/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/484413/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/492511/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/26659\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/26661\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1019031\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/38785\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/38795\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://support.f5.com/kb/en-us/solutions/public/7000/900/SOL7923.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/27904\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/3712\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/38980\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/38981\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.procheckup.com/Vulnerability_PR07-14.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.procheckup.com/Vulnerability_PR07-15a.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/archive/1/484411/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/484413/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/492511/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/26659\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/26661\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1019031\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/38785\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/38795\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.f5.com/kb/en-us/solutions/public/7000/900/SOL7923.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

VAR-200803-0003

Vulnerability from variot - Updated: 2023-12-18 11:35

Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.activation.php3 and (2) my.logon.php3. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker to steal cookie-based authentication credentials and to launch other attacks. F5 Networks FirePass 4100 SSL VPNs running these firmware versions are vulnerable: 5.4.1 through 5.5.2 6.0 6.0.1.

2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published

How do you know which Secunia advisories are important to you?

The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively.

Input passed via the URL to my.activation.php3 and my.logon.php3 is not properly sanitised before being returned to the user.

The vulnerabilities are reported in FirePass versions 5.4.1 to 5.5.2 and FirePass versions 6.0 to 6.0.1.

SOLUTION: The vendor has issued cumulative hotfix HF-601-6 for version 6.0.1: https://support.f5.com/kb/en-us/solutions/public/7000/900/SOL7923.html

Filter malicious characters and character sequences in a web proxy.

PROVIDED AND/OR DISCOVERED BY: Adrian Pastor, Jan Fry, and Richard Brain of ProCheckUp Ltd.

ORIGINAL ADVISORY: F5: https://support.f5.com/kb/en-us/solutions/public/7000/900/SOL7923.html

Procheckup Ltd: http://www.procheckup.com/Vulnerability_PR07-14.php http://www.procheckup.com/Vulnerability_PR07-15.php

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200803-0003",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "firepass 4100",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "f5",
        "version": "6.0.1"
      },
      {
        "model": "firepass 4100",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "f5",
        "version": "5.4.2"
      },
      {
        "model": "firepass 4100",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "f5",
        "version": "5.5.1"
      },
      {
        "model": "firepass 4100",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "f5",
        "version": "5.4.1"
      },
      {
        "model": "firepass 4100",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "f5",
        "version": "5.5.0"
      },
      {
        "model": "firepass 4100",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "f5",
        "version": "5.4.8"
      },
      {
        "model": "firepass 4100",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "f5",
        "version": "6.0"
      },
      {
        "model": "firepass 4100",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "f5",
        "version": "5.4.3"
      },
      {
        "model": "firepass 4100",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "f5",
        "version": "5.4.9"
      },
      {
        "model": "firepass 4100",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "f5",
        "version": "5.5.2"
      },
      {
        "model": "firepass 4100",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "5.4.4"
      },
      {
        "model": "firepass 4100",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "5.4.7"
      },
      {
        "model": "firepass 4100",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "5.4.5"
      },
      {
        "model": "firepass 4100",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "5.4.6"
      },
      {
        "model": "firepass 4100",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "f5",
        "version": "5.4.1 to  5.5.2"
      },
      {
        "model": "firepass 4100",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "f5",
        "version": "and  6.0 to  6.0.1"
      },
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "f5",
        "version": "41000"
      },
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "f5",
        "version": "6.0.1"
      },
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "f5",
        "version": "5.5.2"
      },
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "f5",
        "version": "6.0"
      },
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "41005.4.2"
      },
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "5.4.1"
      },
      {
        "model": "firepass",
        "scope": null,
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "5.4"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "26659"
      },
      {
        "db": "BID",
        "id": "26661"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002561"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6704"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-042"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:f5:firepass_4100:5.4.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:f5:firepass_4100:5.4.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:f5:firepass_4100:5.4.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:f5:firepass_4100:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:f5:firepass_4100:5.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:f5:firepass_4100:5.4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:f5:firepass_4100:5.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:f5:firepass_4100:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:f5:firepass_4100:5.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:f5:firepass_4100:5.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:f5:firepass_4100:5.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:f5:firepass_4100:5.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:f5:firepass_4100:5.4.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:f5:firepass_4100:5.4.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-6704"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Adrian Pastor and Jan Fry of ProCheckUp are credited with the discovery of this vulnerability.",
    "sources": [
      {
        "db": "BID",
        "id": "26661"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-042"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2007-6704",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 4.9,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "High",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 2.6,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2007-6704",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 4.9,
            "id": "VHN-30066",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:N/AC:H/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2007-6704",
            "trust": 1.8,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200803-042",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-30066",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30066"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002561"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6704"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-042"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.activation.php3 and (2) my.logon.php3. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker to steal cookie-based authentication credentials and to launch other attacks. \nF5 Networks FirePass 4100 SSL VPNs running these firmware versions are vulnerable:\n5.4.1 through 5.5.2\n6.0\n6.0.1. \n\n----------------------------------------------------------------------\n\n2003: 2,700 advisories published\n2004: 3,100 advisories published\n2005: 4,600 advisories published\n2006: 5,300 advisories published\n\nHow do you know which Secunia advisories are important to you?\n\nThe Secunia Vulnerability Intelligence Solutions allows you to filter\nand structure all the information you need, so you can address issues\neffectively. \n\nInput passed via the URL to my.activation.php3 and my.logon.php3 is\nnot properly sanitised before being returned to the user. \n\nThe vulnerabilities are reported in FirePass versions 5.4.1 to 5.5.2\nand FirePass versions 6.0 to 6.0.1. \n\nSOLUTION:\nThe vendor has issued cumulative hotfix HF-601-6 for version 6.0.1:\nhttps://support.f5.com/kb/en-us/solutions/public/7000/900/SOL7923.html\n\nFilter malicious characters and character sequences in a web proxy. \n\nPROVIDED AND/OR DISCOVERED BY:\nAdrian Pastor, Jan Fry, and Richard Brain of ProCheckUp Ltd. \n\nORIGINAL ADVISORY:\nF5:\nhttps://support.f5.com/kb/en-us/solutions/public/7000/900/SOL7923.html\n\nProcheckup Ltd:\nhttp://www.procheckup.com/Vulnerability_PR07-14.php\nhttp://www.procheckup.com/Vulnerability_PR07-15.php\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-6704"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002561"
      },
      {
        "db": "BID",
        "id": "26659"
      },
      {
        "db": "BID",
        "id": "26661"
      },
      {
        "db": "VULHUB",
        "id": "VHN-30066"
      },
      {
        "db": "PACKETSTORM",
        "id": "61438"
      }
    ],
    "trust": 2.34
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-30066",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30066"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-6704",
        "trust": 3.1
      },
      {
        "db": "BID",
        "id": "26659",
        "trust": 2.0
      },
      {
        "db": "BID",
        "id": "26661",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "27904",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1019031",
        "trust": 1.7
      },
      {
        "db": "SREASON",
        "id": "3712",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "38980",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "38981",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002561",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-042",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20080523 PR07-15: CROSS-SITE SCRIPTING (XSS) / HTML INJECTION ON F5 FIREPASS 4100 SSL VPN \u0027MY.LOGON.PHP3\u0027 SERVER-SIDE SCRIPT",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20071130 PR07-14: CROSS-SITE SCRIPTING (XSS) / HTML INJECTION ON F5 FIREPASS 4100 SSL VPN \u0027MY.ACTIVATION.PHP3\u0027 SERVER-SIDE SCRIPT",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20071130 PR07-15: CROSS-SITE SCRIPTING (XSS) / HTML INJECTION ON F5 FIREPASS 4100 SSL VPN \u0027MY.LOGON.PHP3\u0027 SERVER-SIDE SCRIPT",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "3",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "38795",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "38785",
        "trust": 0.6
      },
      {
        "db": "MISC",
        "id": "HTTP://WWW.PROCHECKUP.COM/VULNERABILITY_PR07-14.PHP",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "30834",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "30833",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-84198",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-30066",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "61438",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30066"
      },
      {
        "db": "BID",
        "id": "26659"
      },
      {
        "db": "BID",
        "id": "26661"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002561"
      },
      {
        "db": "PACKETSTORM",
        "id": "61438"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6704"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-042"
      }
    ]
  },
  "id": "VAR-200803-0003",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30066"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:35:07.198000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.f5.com/products/firepass/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002561"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30066"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002561"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6704"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://www.procheckup.com/vulnerability_pr07-14.php"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/26659"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/26661"
      },
      {
        "trust": 1.7,
        "url": "http://www.procheckup.com/vulnerability_pr07-15a.php"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/38980"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/38981"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id?1019031"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/27904"
      },
      {
        "trust": 1.7,
        "url": "http://securityreason.com/securityalert/3712"
      },
      {
        "trust": 1.2,
        "url": "https://support.f5.com/kb/en-us/solutions/public/7000/900/sol7923.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/484411/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/484413/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/492511/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38785"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38795"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6704"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-6704"
      },
      {
        "trust": 0.6,
        "url": "https://support.f5.com/kb/en-us/solutions/public/7000/900/sol7923.html?sr=1"
      },
      {
        "trust": 0.6,
        "url": "http://f5.com/products/firepass/"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/38795"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/38785"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/484411/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/492511/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/484413/100/0/threaded"
      },
      {
        "trust": 0.4,
        "url": "http://www.procheckup.com/vulnerability_pr07-15.php"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/484413"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/492511"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/484411"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/4695/"
      },
      {
        "trust": 0.1,
        "url": "http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/27904/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/13146/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30066"
      },
      {
        "db": "BID",
        "id": "26659"
      },
      {
        "db": "BID",
        "id": "26661"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002561"
      },
      {
        "db": "PACKETSTORM",
        "id": "61438"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6704"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-042"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-30066"
      },
      {
        "db": "BID",
        "id": "26659"
      },
      {
        "db": "BID",
        "id": "26661"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002561"
      },
      {
        "db": "PACKETSTORM",
        "id": "61438"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6704"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-042"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-03-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-30066"
      },
      {
        "date": "2007-11-30T00:00:00",
        "db": "BID",
        "id": "26659"
      },
      {
        "date": "2007-11-30T00:00:00",
        "db": "BID",
        "id": "26661"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-002561"
      },
      {
        "date": "2007-12-04T04:44:29",
        "db": "PACKETSTORM",
        "id": "61438"
      },
      {
        "date": "2008-03-05T23:44:00",
        "db": "NVD",
        "id": "CVE-2007-6704"
      },
      {
        "date": "2008-03-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200803-042"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-30066"
      },
      {
        "date": "2015-04-16T18:08:00",
        "db": "BID",
        "id": "26659"
      },
      {
        "date": "2015-05-07T17:35:00",
        "db": "BID",
        "id": "26661"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-002561"
      },
      {
        "date": "2018-10-15T21:56:09.650000",
        "db": "NVD",
        "id": "CVE-2007-6704"
      },
      {
        "date": "2009-04-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200803-042"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "26659"
      },
      {
        "db": "BID",
        "id": "26661"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "F5 FirePass Vulnerable to cross-site scripting",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002561"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "61438"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-042"
      }
    ],
    "trust": 0.7
  }
}

GHSA-HXJ2-29WW-F583

Vulnerability from github – Published: 2022-05-01 18:45 – Updated: 2022-05-01 18:45

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-6704"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-03-05T23:44:00Z",
    "severity": "LOW"
  },
  "details": "Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.activation.php3 and (2) my.logon.php3.",
  "id": "GHSA-hxj2-29ww-f583",
  "modified": "2022-05-01T18:45:32Z",
  "published": "2022-05-01T18:45:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6704"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38785"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38795"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/kb/en-us/solutions/public/7000/900/SOL7923.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27904"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/3712"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/38980"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/38981"
    },
    {
      "type": "WEB",
      "url": "http://www.procheckup.com/Vulnerability_PR07-14.php"
    },
    {
      "type": "WEB",
      "url": "http://www.procheckup.com/Vulnerability_PR07-15a.php"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/484411/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/484413/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/492511/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/26659"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/26661"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1019031"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2007-6704

Vulnerability from fkie_nvd - Published: 2008-03-05 23:44 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/27904	Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/3712
cve@mitre.org	http://www.osvdb.org/38980
cve@mitre.org	http://www.osvdb.org/38981
cve@mitre.org	http://www.procheckup.com/Vulnerability_PR07-14.php
cve@mitre.org	http://www.procheckup.com/Vulnerability_PR07-15a.php	Exploit
cve@mitre.org	http://www.securityfocus.com/archive/1/484411/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/484413/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/492511/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/26659
cve@mitre.org	http://www.securityfocus.com/bid/26661
cve@mitre.org	http://www.securitytracker.com/id?1019031
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/38785
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/38795
cve@mitre.org	https://support.f5.com/kb/en-us/solutions/public/7000/900/SOL7923.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27904	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/3712
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/38980
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/38981
af854a3a-2127-422b-91ae-364da2661108	http://www.procheckup.com/Vulnerability_PR07-14.php
af854a3a-2127-422b-91ae-364da2661108	http://www.procheckup.com/Vulnerability_PR07-15a.php	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/484411/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/484413/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/492511/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/26659
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/26661
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019031
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/38785
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/38795
af854a3a-2127-422b-91ae-364da2661108	https://support.f5.com/kb/en-us/solutions/public/7000/900/SOL7923.html

Impacted products

Vendor	Product	Version
f5	firepass_4100	5.4.1
f5	firepass_4100	5.4.2
f5	firepass_4100	5.4.3
f5	firepass_4100	5.4.4
f5	firepass_4100	5.4.5
f5	firepass_4100	5.4.6
f5	firepass_4100	5.4.7
f5	firepass_4100	5.4.8
f5	firepass_4100	5.4.9
f5	firepass_4100	5.5.0
f5	firepass_4100	5.5.1
f5	firepass_4100	5.5.2
f5	firepass_4100	6.0
f5	firepass_4100	6.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:f5:firepass_4100:5.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D7B7CDD-2146-4B46-BCCC-A2E724F668C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:f5:firepass_4100:5.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "85AE9E11-C5F0-462E-AEFA-68ABE3B6AB0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:f5:firepass_4100:5.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A60081E6-94C5-4A8E-B95D-5131DAFF9537",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:f5:firepass_4100:5.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FB490F1-237B-494F-9315-BE6A2920B693",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:f5:firepass_4100:5.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A396D79-468A-4C32-8090-AED20AD7E4A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:f5:firepass_4100:5.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE197C0E-34AD-46AD-8359-713BA2034512",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:f5:firepass_4100:5.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A90B5729-2F85-475B-AC7D-B9EEC15B0524",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:f5:firepass_4100:5.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D595F076-822D-4A99-9838-18B9A28A323A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:f5:firepass_4100:5.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D609CB0-72B0-4CCC-8351-897801B57B17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:f5:firepass_4100:5.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "74BFE0EE-9554-4C6C-AB24-DC8AA50AF7A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:f5:firepass_4100:5.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C79823A-E8DF-4F67-BB6D-4901E007D636",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:f5:firepass_4100:5.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7EF2BA6-CA87-421B-A2DB-D74A16C1A845",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:f5:firepass_4100:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4F8E7C1-84F6-42A4-9534-7C822F625240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:f5:firepass_4100:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F108EAE-0CC6-41C9-978B-B596F0981A5F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.activation.php3 and (2) my.logon.php3."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en F5 FirePass 4100 SSL VPN 5.4.1 hasta 5.5.2 y 6.0 hasta 6.0.1, cuando las secuencias pre-logon est\u00e1n activadas, permiten a atacantes remotos inyectar web script o HMTL de su elecci\u00f3n a trav\u00e9s de la cadena de consulta de (1) my.activation.php3 y (2) my.logon.php3."
    }
  ],
  "id": "CVE-2007-6704",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-03-05T23:44:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27904"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3712"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/38980"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/38981"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.procheckup.com/Vulnerability_PR07-14.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.procheckup.com/Vulnerability_PR07-15a.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/484411/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/484413/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/492511/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/26659"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/26661"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019031"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38785"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38795"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://support.f5.com/kb/en-us/solutions/public/7000/900/SOL7923.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27904"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3712"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/38980"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/38981"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.procheckup.com/Vulnerability_PR07-14.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.procheckup.com/Vulnerability_PR07-15a.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/484411/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/484413/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/492511/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/26659"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/26661"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019031"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38785"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38795"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.f5.com/kb/en-us/solutions/public/7000/900/SOL7923.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2007-6704

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-6704

Aliases

CVE-2007-6704

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-6704",
    "description": "Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.activation.php3 and (2) my.logon.php3.",
    "id": "GSD-2007-6704"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-6704"
      ],
      "details": "Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.activation.php3 and (2) my.logon.php3.",
      "id": "GSD-2007-6704",
      "modified": "2023-12-13T01:21:38.427829Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-6704",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.activation.php3 and (2) my.logon.php3."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "3712",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/3712"
          },
          {
            "name": "20080523 PR07-15: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN \u0027my.logon.php3\u0027 server-side script",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/492511/100/0/threaded"
          },
          {
            "name": "27904",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27904"
          },
          {
            "name": "http://www.procheckup.com/Vulnerability_PR07-14.php",
            "refsource": "MISC",
            "url": "http://www.procheckup.com/Vulnerability_PR07-14.php"
          },
          {
            "name": "38981",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/38981"
          },
          {
            "name": "https://support.f5.com/kb/en-us/solutions/public/7000/900/SOL7923.html",
            "refsource": "CONFIRM",
            "url": "https://support.f5.com/kb/en-us/solutions/public/7000/900/SOL7923.html"
          },
          {
            "name": "firepass-myactivation-xss(38785)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38785"
          },
          {
            "name": "26659",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/26659"
          },
          {
            "name": "http://www.procheckup.com/Vulnerability_PR07-15a.php",
            "refsource": "MISC",
            "url": "http://www.procheckup.com/Vulnerability_PR07-15a.php"
          },
          {
            "name": "firepass-mylogonphp3-xss(38795)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38795"
          },
          {
            "name": "20071130 PR07-14: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN \u0027my.activation.php3\u0027 server-side script",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/484411/100/0/threaded"
          },
          {
            "name": "38980",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/38980"
          },
          {
            "name": "1019031",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1019031"
          },
          {
            "name": "26661",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/26661"
          },
          {
            "name": "20071130 PR07-15: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN \u0027my.logon.php3\u0027 server-side script",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/484413/100/0/threaded"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:f5:firepass_4100:5.4.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:f5:firepass_4100:5.4.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:f5:firepass_4100:5.4.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:f5:firepass_4100:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:f5:firepass_4100:5.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:f5:firepass_4100:5.4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:f5:firepass_4100:5.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:f5:firepass_4100:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:f5:firepass_4100:5.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:f5:firepass_4100:5.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:f5:firepass_4100:5.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:f5:firepass_4100:5.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:f5:firepass_4100:5.4.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:f5:firepass_4100:5.4.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6704"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.activation.php3 and (2) my.logon.php3."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.procheckup.com/Vulnerability_PR07-14.php",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.procheckup.com/Vulnerability_PR07-14.php"
            },
            {
              "name": "http://www.procheckup.com/Vulnerability_PR07-15a.php",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.procheckup.com/Vulnerability_PR07-15a.php"
            },
            {
              "name": "https://support.f5.com/kb/en-us/solutions/public/7000/900/SOL7923.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://support.f5.com/kb/en-us/solutions/public/7000/900/SOL7923.html"
            },
            {
              "name": "26659",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/26659"
            },
            {
              "name": "26661",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/26661"
            },
            {
              "name": "38980",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/38980"
            },
            {
              "name": "38981",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/38981"
            },
            {
              "name": "1019031",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1019031"
            },
            {
              "name": "27904",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/27904"
            },
            {
              "name": "3712",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/3712"
            },
            {
              "name": "firepass-mylogonphp3-xss(38795)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38795"
            },
            {
              "name": "firepass-myactivation-xss(38785)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38785"
            },
            {
              "name": "20080523 PR07-15: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN \u0027my.logon.php3\u0027 server-side script",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/492511/100/0/threaded"
            },
            {
              "name": "20071130 PR07-15: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN \u0027my.logon.php3\u0027 server-side script",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/484413/100/0/threaded"
            },
            {
              "name": "20071130 PR07-14: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN \u0027my.activation.php3\u0027 server-side script",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/484411/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-15T21:56Z",
      "publishedDate": "2008-03-05T23:44Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-6704 (GCVE-0-2007-6704)

VAR-200803-0003

GHSA-HXJ2-29WW-F583

FKIE_CVE-2007-6704

GSD-2007-6704

Tags

Sightings

Nomenclature