cvelistv5 - cve-2008-0265

CVE-2008-0265 (GCVE-0-2008-0265)

Vulnerability from cvelistv5 – Published: 2008-01-15 19:00 – Updated: 2024-08-07 07:39

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securitytracker.com/id?1019190	vdb-entryx_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2008/0181	vdb-entryx_refsource_VUPEN
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://securityreason.com/securityalert/3545	third-party-advisoryx_refsource_SREASON
	http://secunia.com/advisories/28505	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/486217/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/bid/27272	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:39:35.049Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1019190",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019190"
          },
          {
            "name": "ADV-2008-0181",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0181"
          },
          {
            "name": "f5bigip-searchstring-xss(39632)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39632"
          },
          {
            "name": "3545",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3545"
          },
          {
            "name": "28505",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28505"
          },
          {
            "name": "20080114 F5 BIG-IP Web Management List Search XSS",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/486217/100/0/threaded"
          },
          {
            "name": "27272",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27272"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Search function in the web management interface in F5 BIG-IP 9.4.3 allow remote attackers to inject arbitrary web script or HTML via the SearchString parameter to (1) list_system.jsp, (2) list_pktfilter.jsp, (3) list_ltm.jsp, (4) resources_audit.jsp, and (5) list_asm.jsp in tmui/Control/jspmap/tmui/system/log/; and (6) list.jsp in certain directories."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1019190",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019190"
        },
        {
          "name": "ADV-2008-0181",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0181"
        },
        {
          "name": "f5bigip-searchstring-xss(39632)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39632"
        },
        {
          "name": "3545",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3545"
        },
        {
          "name": "28505",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28505"
        },
        {
          "name": "20080114 F5 BIG-IP Web Management List Search XSS",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/486217/100/0/threaded"
        },
        {
          "name": "27272",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27272"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0265",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Search function in the web management interface in F5 BIG-IP 9.4.3 allow remote attackers to inject arbitrary web script or HTML via the SearchString parameter to (1) list_system.jsp, (2) list_pktfilter.jsp, (3) list_ltm.jsp, (4) resources_audit.jsp, and (5) list_asm.jsp in tmui/Control/jspmap/tmui/system/log/; and (6) list.jsp in certain directories."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1019190",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019190"
            },
            {
              "name": "ADV-2008-0181",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0181"
            },
            {
              "name": "f5bigip-searchstring-xss(39632)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39632"
            },
            {
              "name": "3545",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3545"
            },
            {
              "name": "28505",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28505"
            },
            {
              "name": "20080114 F5 BIG-IP Web Management List Search XSS",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/486217/100/0/threaded"
            },
            {
              "name": "27272",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27272"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0265",
    "datePublished": "2008-01-15T19:00:00",
    "dateReserved": "2008-01-15T00:00:00",
    "dateUpdated": "2024-08-07T07:39:35.049Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:f5:tmos:9.4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"238F0964-D138-4673-9747-C73E8D84E367\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple cross-site scripting (XSS) vulnerabilities in the Search function in the web management interface in F5 BIG-IP 9.4.3 allow remote attackers to inject arbitrary web script or HTML via the SearchString parameter to (1) list_system.jsp, (2) list_pktfilter.jsp, (3) list_ltm.jsp, (4) resources_audit.jsp, and (5) list_asm.jsp in tmui/Control/jspmap/tmui/system/log/; and (6) list.jsp in certain directories.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en la funci\\u00f3n Search en el interfaz de gesti\\u00f3n web en F5 BIG-IP 9.4.3 permite a atacantes remotos inyectar secuencias de comandos web de su elecci\\u00f3n o a trav\\u00e9s de HTML el par\\u00e1metro SearchString en (1) list_system.jsp, (2) list_pktfilter.jsp, (3) list_ltm.jsp, (4) resources_audit.jsp, y (5) list_asm.jsp en tmui/Control/jspmap/tmui/system/log/; y (6) list.jsp en ciertos directorios.\"}]",
      "id": "CVE-2008-0265",
      "lastModified": "2024-11-21T00:41:32.373",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2008-01-15T20:00:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/28505\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/3545\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/486217/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/27272\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1019190\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0181\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/39632\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/28505\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/3545\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/486217/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/27272\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1019190\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0181\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/39632\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-0265\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-01-15T20:00:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple cross-site scripting (XSS) vulnerabilities in the Search function in the web management interface in F5 BIG-IP 9.4.3 allow remote attackers to inject arbitrary web script or HTML via the SearchString parameter to (1) list_system.jsp, (2) list_pktfilter.jsp, (3) list_ltm.jsp, (4) resources_audit.jsp, and (5) list_asm.jsp in tmui/Control/jspmap/tmui/system/log/; and (6) list.jsp in certain directories.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en la funci\u00f3n Search en el interfaz de gesti\u00f3n web en F5 BIG-IP 9.4.3 permite a atacantes remotos inyectar secuencias de comandos web de su elecci\u00f3n o a trav\u00e9s de HTML el par\u00e1metro SearchString en (1) list_system.jsp, (2) list_pktfilter.jsp, (3) list_ltm.jsp, (4) resources_audit.jsp, y (5) list_asm.jsp en tmui/Control/jspmap/tmui/system/log/; y (6) list.jsp en ciertos directorios.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:f5:tmos:9.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"238F0964-D138-4673-9747-C73E8D84E367\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/28505\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/3545\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/486217/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/27272\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1019190\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0181\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/39632\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/28505\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/3545\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/486217/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/27272\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1019190\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0181\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/39632\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2008-0265

Vulnerability from fkie_nvd - Published: 2008-01-15 20:00 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/28505	Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/3545
cve@mitre.org	http://www.securityfocus.com/archive/1/486217/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/27272
cve@mitre.org	http://www.securitytracker.com/id?1019190
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0181
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/39632
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28505	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/3545
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/486217/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/27272
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019190
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0181
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/39632

Impacted products

	Vendor	Product	Version
	f5	tmos	9.4.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:f5:tmos:9.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "238F0964-D138-4673-9747-C73E8D84E367",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Search function in the web management interface in F5 BIG-IP 9.4.3 allow remote attackers to inject arbitrary web script or HTML via the SearchString parameter to (1) list_system.jsp, (2) list_pktfilter.jsp, (3) list_ltm.jsp, (4) resources_audit.jsp, and (5) list_asm.jsp in tmui/Control/jspmap/tmui/system/log/; and (6) list.jsp in certain directories."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en la funci\u00f3n Search en el interfaz de gesti\u00f3n web en F5 BIG-IP 9.4.3 permite a atacantes remotos inyectar secuencias de comandos web de su elecci\u00f3n o a trav\u00e9s de HTML el par\u00e1metro SearchString en (1) list_system.jsp, (2) list_pktfilter.jsp, (3) list_ltm.jsp, (4) resources_audit.jsp, y (5) list_asm.jsp en tmui/Control/jspmap/tmui/system/log/; y (6) list.jsp en ciertos directorios."
    }
  ],
  "id": "CVE-2008-0265",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-01-15T20:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28505"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3545"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/486217/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/27272"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019190"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0181"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39632"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28505"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3545"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/486217/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/27272"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019190"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0181"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39632"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-200801-0243

Vulnerability from variot - Updated: 2023-12-18 10:46

Multiple cross-site scripting (XSS) vulnerabilities in the Search function in the web management interface in F5 BIG-IP 9.4.3 allow remote attackers to inject arbitrary web script or HTML via the SearchString parameter to (1) list_system.jsp, (2) list_pktfilter.jsp, (3) list_ltm.jsp, (4) resources_audit.jsp, and (5) list_asm.jsp in tmui/Control/jspmap/tmui/system/log/; and (6) list.jsp in certain directories. (1) tmui/Control/jspmap/tmui/system/log/ Subordinate list_system.jsp (2) tmui/Control/jspmap/tmui/system/log/ Subordinate list_pktfilter.jsp (3) tmui/Control/jspmap/tmui/system/log/ Subordinate list_ltm.jsp (4) tmui/Control/jspmap/tmui/system/log/ Subordinate resources_audit.jsp (5) tmui/Control/jspmap/tmui/system/log/ Subordinate list_asm.jsp (6) Under other directories list.jsp. F5 BIG-IP is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. BIG-IP firmware version 9.4.3 is vulnerable; other versions may also be affected.

A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched.

Download and test it today: https://psi.secunia.com/

Read more about this new version: https://psi.secunia.com/?page=changelog

TITLE: F5 BIG-IP "SearchString" Cross-Site Scripting Vulnerabilities

SECUNIA ADVISORY ID: SA28505

VERIFY ADVISORY: http://secunia.com/advisories/28505/

CRITICAL: Less critical

IMPACT: Cross Site Scripting

WHERE:

From remote

OPERATING SYSTEM: BIG-IP 9.x http://secunia.com/product/3158/

DESCRIPTION: nnposter has reported a vulnerability in F5 BIG-IP, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "SearchString" parameter in various files is not properly sanitised before being returned to a user.

The vulnerability is reported in the following files: /tmui/Control/jspmap/tmui/locallb/virtual_server/list.jsp /tmui/Control/jspmap/tmui/locallb/profile/http/list.jsp /tmui/Control/jspmap/tmui/locallb/profile/ftp/list.jsp /tmui/Control/jspmap/tmui/locallb/profile/rtsp/list.jsp /tmui/Control/jspmap/tmui/locallb/profile/sip/list.jsp /tmui/Control/jspmap/tmui/locallb/profile/persistence/list.jsp /tmui/Control/jspmap/tmui/locallb/profile/fastl4/list.jsp /tmui/Control/jspmap/tmui/locallb/profile/fasthttp/list.jsp /tmui/Control/jspmap/tmui/locallb/profile/httpclass/list.jsp /tmui/Control/jspmap/tmui/locallb/profile/tcp/list.jsp /tmui/Control/jspmap/tmui/locallb/profile/udp/list.jsp /tmui/Control/jspmap/tmui/locallb/profile/sctp/list.jsp /tmui/Control/jspmap/tmui/locallb/profile/clientssl/list.jsp /tmui/Control/jspmap/tmui/locallb/profile/serverssl/list.jsp /tmui/Control/jspmap/tmui/locallb/profile/authn/list.jsp /tmui/Control/jspmap/tmui/locallb/profile/connpool/list.jsp /tmui/Control/jspmap/tmui/locallb/profile/statistics/list.jsp /tmui/Control/jspmap/tmui/locallb/profile/stream/list.jsp /tmui/Control/jspmap/tmui/locallb/pool/list.jsp /tmui/Control/jspmap/tmui/locallb/node/list.jsp /tmui/Control/jspmap/tmui/locallb/monitor/list.jsp /tmui/Control/jspmap/tmui/locallb/ssl_certificate/list.jsp /tmui/Control/jspmap/tmui/system/user/list.jsp /tmui/Control/jspmap/tmui/system/log/list_system.jsp /tmui/Control/jspmap/tmui/system/log/list_pktfilter.jsp /tmui/Control/jspmap/tmui/system/log/list_ltm.jsp /tmui/Control/jspmap/tmui/system/log/resources_audit.jsp /tmui/Control/jspmap/tmui/system/log/list_asm.jsp

The vulnerability is reported in version 9.4.3.

SOLUTION: Filter malicious characters and character sequences using a web proxy.

PROVIDED AND/OR DISCOVERED BY: nnposter

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200801-0243",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "big-ip",
        "scope": "eq",
        "trust": 1.7,
        "vendor": "f5",
        "version": "9.4.3"
      },
      {
        "model": "tmos",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "f5",
        "version": "9.4.3"
      },
      {
        "model": "wanjet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "5.0"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "1.4.1"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "1.0"
      },
      {
        "model": "big-ip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "9.3.1"
      },
      {
        "model": "big-ip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "9.2.5"
      },
      {
        "model": "big-ip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "9.2.2"
      },
      {
        "model": "big-ip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "9.1"
      },
      {
        "model": "big-ip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "9.0.5"
      },
      {
        "model": "big-ip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "9.0.4"
      },
      {
        "model": "big-ip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "9.0.3"
      },
      {
        "model": "big-ip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "9.0.2"
      },
      {
        "model": "big-ip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "9.0.1"
      },
      {
        "model": "big-ip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "9.0"
      },
      {
        "model": "big-ip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "9.4"
      },
      {
        "model": "big-ip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "9.3"
      },
      {
        "model": "big-ip build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "9.2413.1"
      },
      {
        "model": "big-ip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "9.2"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "27272"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002593"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0265"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-200"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:f5:tmos:9.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-0265"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "nnposter",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-200"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2008-0265",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2008-0265",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-30390",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2008-0265",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200801-200",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-30390",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30390"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002593"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0265"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-200"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple cross-site scripting (XSS) vulnerabilities in the Search function in the web management interface in F5 BIG-IP 9.4.3 allow remote attackers to inject arbitrary web script or HTML via the SearchString parameter to (1) list_system.jsp, (2) list_pktfilter.jsp, (3) list_ltm.jsp, (4) resources_audit.jsp, and (5) list_asm.jsp in tmui/Control/jspmap/tmui/system/log/; and (6) list.jsp in certain directories. (1) tmui/Control/jspmap/tmui/system/log/ Subordinate list_system.jsp (2) tmui/Control/jspmap/tmui/system/log/ Subordinate list_pktfilter.jsp (3) tmui/Control/jspmap/tmui/system/log/ Subordinate list_ltm.jsp (4) tmui/Control/jspmap/tmui/system/log/ Subordinate resources_audit.jsp (5) tmui/Control/jspmap/tmui/system/log/ Subordinate list_asm.jsp (6) Under other directories list.jsp. F5 BIG-IP is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. \nBIG-IP firmware version 9.4.3 is vulnerable; other versions may also be affected. \n----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \n\nDownload and test it today:\nhttps://psi.secunia.com/\n\nRead more about this new version:\nhttps://psi.secunia.com/?page=changelog\n\n----------------------------------------------------------------------\n\nTITLE:\nF5 BIG-IP \"SearchString\" Cross-Site Scripting Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA28505\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/28505/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nCross Site Scripting\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nBIG-IP 9.x\nhttp://secunia.com/product/3158/\n\nDESCRIPTION:\nnnposter has reported a vulnerability in F5 BIG-IP, which can be\nexploited by malicious people to conduct cross-site scripting\nattacks. \n\nInput passed to the \"SearchString\" parameter in various files is not\nproperly sanitised before being returned to a user. \n\nThe vulnerability is reported in the following files:\n/tmui/Control/jspmap/tmui/locallb/virtual_server/list.jsp\n/tmui/Control/jspmap/tmui/locallb/profile/http/list.jsp\n/tmui/Control/jspmap/tmui/locallb/profile/ftp/list.jsp\n/tmui/Control/jspmap/tmui/locallb/profile/rtsp/list.jsp\n/tmui/Control/jspmap/tmui/locallb/profile/sip/list.jsp\n/tmui/Control/jspmap/tmui/locallb/profile/persistence/list.jsp\n/tmui/Control/jspmap/tmui/locallb/profile/fastl4/list.jsp\n/tmui/Control/jspmap/tmui/locallb/profile/fasthttp/list.jsp\n/tmui/Control/jspmap/tmui/locallb/profile/httpclass/list.jsp\n/tmui/Control/jspmap/tmui/locallb/profile/tcp/list.jsp\n/tmui/Control/jspmap/tmui/locallb/profile/udp/list.jsp\n/tmui/Control/jspmap/tmui/locallb/profile/sctp/list.jsp\n/tmui/Control/jspmap/tmui/locallb/profile/clientssl/list.jsp\n/tmui/Control/jspmap/tmui/locallb/profile/serverssl/list.jsp\n/tmui/Control/jspmap/tmui/locallb/profile/authn/list.jsp\n/tmui/Control/jspmap/tmui/locallb/profile/connpool/list.jsp\n/tmui/Control/jspmap/tmui/locallb/profile/statistics/list.jsp\n/tmui/Control/jspmap/tmui/locallb/profile/stream/list.jsp\n/tmui/Control/jspmap/tmui/locallb/pool/list.jsp\n/tmui/Control/jspmap/tmui/locallb/node/list.jsp\n/tmui/Control/jspmap/tmui/locallb/monitor/list.jsp\n/tmui/Control/jspmap/tmui/locallb/ssl_certificate/list.jsp\n/tmui/Control/jspmap/tmui/system/user/list.jsp\n/tmui/Control/jspmap/tmui/system/log/list_system.jsp\n/tmui/Control/jspmap/tmui/system/log/list_pktfilter.jsp\n/tmui/Control/jspmap/tmui/system/log/list_ltm.jsp\n/tmui/Control/jspmap/tmui/system/log/resources_audit.jsp\n/tmui/Control/jspmap/tmui/system/log/list_asm.jsp\n\nThe vulnerability is reported in version 9.4.3. \n\nSOLUTION:\nFilter malicious characters and character sequences using a web\nproxy. \n\nPROVIDED AND/OR DISCOVERED BY:\nnnposter\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-0265"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002593"
      },
      {
        "db": "BID",
        "id": "27272"
      },
      {
        "db": "VULHUB",
        "id": "VHN-30390"
      },
      {
        "db": "PACKETSTORM",
        "id": "62786"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-30390",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30390"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2008-0265",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "27272",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "28505",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1019190",
        "trust": 1.7
      },
      {
        "db": "SREASON",
        "id": "3545",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0181",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002593",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "5",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "39632",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20080114 F5 BIG-IP WEB MANAGEMENT LIST SEARCH XSS",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-200",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "31024",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-84377",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-30390",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "62786",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30390"
      },
      {
        "db": "BID",
        "id": "27272"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002593"
      },
      {
        "db": "PACKETSTORM",
        "id": "62786"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0265"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-200"
      }
    ]
  },
  "id": "VAR-200801-0243",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30390"
      }
    ],
    "trust": 0.5615448
  },
  "last_update_date": "2023-12-18T10:46:41.326000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.f5.com/products/big-ip/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002593"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30390"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002593"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0265"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/27272"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id?1019190"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/28505"
      },
      {
        "trust": 1.7,
        "url": "http://securityreason.com/securityalert/3545"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/486217/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2008/0181"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39632"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0265"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-0265"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/39632"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/486217/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2008/0181"
      },
      {
        "trust": 0.3,
        "url": "http://www.f5.com/f5products/bigip/"
      },
      {
        "trust": 0.3,
        "url": "https://support.f5.com/kb/en-us/solutions/public/8000/200/sol8280.html"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/486217"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/28505/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "https://psi.secunia.com/?page=changelog"
      },
      {
        "trust": 0.1,
        "url": "https://psi.secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/3158/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30390"
      },
      {
        "db": "BID",
        "id": "27272"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002593"
      },
      {
        "db": "PACKETSTORM",
        "id": "62786"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0265"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-200"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-30390"
      },
      {
        "db": "BID",
        "id": "27272"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002593"
      },
      {
        "db": "PACKETSTORM",
        "id": "62786"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0265"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-200"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-01-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-30390"
      },
      {
        "date": "2008-01-14T00:00:00",
        "db": "BID",
        "id": "27272"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-002593"
      },
      {
        "date": "2008-01-19T01:16:59",
        "db": "PACKETSTORM",
        "id": "62786"
      },
      {
        "date": "2008-01-15T20:00:00",
        "db": "NVD",
        "id": "CVE-2008-0265"
      },
      {
        "date": "2008-01-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200801-200"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-30390"
      },
      {
        "date": "2008-01-23T03:38:00",
        "db": "BID",
        "id": "27272"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-002593"
      },
      {
        "date": "2018-10-30T16:25:15.200000",
        "db": "NVD",
        "id": "CVE-2008-0265"
      },
      {
        "date": "2008-09-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200801-200"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-200"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "F5 BIG-IP Vulnerable to cross-site scripting",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002593"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "62786"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-200"
      }
    ],
    "trust": 0.7
  }
}

GSD-2008-0265

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2008-0265

Aliases

CVE-2008-0265

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-0265",
    "description": "Multiple cross-site scripting (XSS) vulnerabilities in the Search function in the web management interface in F5 BIG-IP 9.4.3 allow remote attackers to inject arbitrary web script or HTML via the SearchString parameter to (1) list_system.jsp, (2) list_pktfilter.jsp, (3) list_ltm.jsp, (4) resources_audit.jsp, and (5) list_asm.jsp in tmui/Control/jspmap/tmui/system/log/; and (6) list.jsp in certain directories.",
    "id": "GSD-2008-0265"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-0265"
      ],
      "details": "Multiple cross-site scripting (XSS) vulnerabilities in the Search function in the web management interface in F5 BIG-IP 9.4.3 allow remote attackers to inject arbitrary web script or HTML via the SearchString parameter to (1) list_system.jsp, (2) list_pktfilter.jsp, (3) list_ltm.jsp, (4) resources_audit.jsp, and (5) list_asm.jsp in tmui/Control/jspmap/tmui/system/log/; and (6) list.jsp in certain directories.",
      "id": "GSD-2008-0265",
      "modified": "2023-12-13T01:22:58.888122Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-0265",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Search function in the web management interface in F5 BIG-IP 9.4.3 allow remote attackers to inject arbitrary web script or HTML via the SearchString parameter to (1) list_system.jsp, (2) list_pktfilter.jsp, (3) list_ltm.jsp, (4) resources_audit.jsp, and (5) list_asm.jsp in tmui/Control/jspmap/tmui/system/log/; and (6) list.jsp in certain directories."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1019190",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1019190"
          },
          {
            "name": "ADV-2008-0181",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/0181"
          },
          {
            "name": "f5bigip-searchstring-xss(39632)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39632"
          },
          {
            "name": "3545",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/3545"
          },
          {
            "name": "28505",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28505"
          },
          {
            "name": "20080114 F5 BIG-IP Web Management List Search XSS",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/486217/100/0/threaded"
          },
          {
            "name": "27272",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/27272"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:f5:tmos:9.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0265"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Search function in the web management interface in F5 BIG-IP 9.4.3 allow remote attackers to inject arbitrary web script or HTML via the SearchString parameter to (1) list_system.jsp, (2) list_pktfilter.jsp, (3) list_ltm.jsp, (4) resources_audit.jsp, and (5) list_asm.jsp in tmui/Control/jspmap/tmui/system/log/; and (6) list.jsp in certain directories."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "27272",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/27272"
            },
            {
              "name": "1019190",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1019190"
            },
            {
              "name": "28505",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/28505"
            },
            {
              "name": "3545",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/3545"
            },
            {
              "name": "ADV-2008-0181",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/0181"
            },
            {
              "name": "f5bigip-searchstring-xss(39632)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39632"
            },
            {
              "name": "20080114 F5 BIG-IP Web Management List Search XSS",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/486217/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-30T16:25Z",
      "publishedDate": "2008-01-15T20:00Z"
    }
  }
}

GHSA-W7VQ-3JJJ-WQ22

Vulnerability from github – Published: 2022-05-01 23:28 – Updated: 2022-05-01 23:28

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-0265"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-01-15T20:00:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple cross-site scripting (XSS) vulnerabilities in the Search function in the web management interface in F5 BIG-IP 9.4.3 allow remote attackers to inject arbitrary web script or HTML via the SearchString parameter to (1) list_system.jsp, (2) list_pktfilter.jsp, (3) list_ltm.jsp, (4) resources_audit.jsp, and (5) list_asm.jsp in tmui/Control/jspmap/tmui/system/log/; and (6) list.jsp in certain directories.",
  "id": "GHSA-w7vq-3jjj-wq22",
  "modified": "2022-05-01T23:28:47Z",
  "published": "2022-05-01T23:28:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0265"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39632"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28505"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/3545"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/486217/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/27272"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1019190"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0181"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-0265 (GCVE-0-2008-0265)

FKIE_CVE-2008-0265

VAR-200801-0243

GSD-2008-0265

GHSA-W7VQ-3JJJ-WQ22

Tags

Sightings

Nomenclature