cvelistv5 - cve-2013-0150

URL	Tags
cret@cert.org	http://secunia.com/advisories/53477	Not Applicable, Vendor Advisory
cret@cert.org	http://support.f5.com/kb/en-us/solutions/public/14000/400/sol14468.html	Vendor Advisory
cret@cert.org	https://nealpoole.com/blog/2013/07/code-execution-via-f5-networks-java-applet/	Third Party Advisory

▼	Vendor	Product
	n/a	n/a

gsd-2013-0150

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and 7.0.0, and other products "when APM is provisioned," allows remote attackers to upload and execute arbitrary files via a .. (dot dot) in the filename parameter.

Aliases

CVE-2013-0150

Aliases

CVE-2013-0150

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-0150",
    "description": "Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and 7.0.0, and other products \"when APM is provisioned,\" allows remote attackers to upload and execute arbitrary files via a ..  (dot dot) in the filename parameter.",
    "id": "GSD-2013-0150"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-0150"
      ],
      "details": "Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and 7.0.0, and other products \"when APM is provisioned,\" allows remote attackers to upload and execute arbitrary files via a ..  (dot dot) in the filename parameter.",
      "id": "GSD-2013-0150",
      "modified": "2023-12-13T01:22:14.897233Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cert@cert.org",
        "ID": "CVE-2013-0150",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and 7.0.0, and other products \"when APM is provisioned,\" allows remote attackers to upload and execute arbitrary files via a ..  (dot dot) in the filename parameter."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://nealpoole.com/blog/2013/07/code-execution-via-f5-networks-java-applet/",
            "refsource": "MISC",
            "url": "https://nealpoole.com/blog/2013/07/code-execution-via-f5-networks-java-applet/"
          },
          {
            "name": "http://support.f5.com/kb/en-us/solutions/public/14000/400/sol14468.html",
            "refsource": "CONFIRM",
            "url": "http://support.f5.com/kb/en-us/solutions/public/14000/400/sol14468.html"
          },
          {
            "name": "53477",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/53477"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "79618AB4-7A8E-4488-8608-57EC2F8681FE",
                    "versionEndIncluding": "10.2.4",
                    "versionStartIncluding": "10.1.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "384E40E2-6A1E-41EE-9075-C3D4E4C9DF3D",
                    "versionEndIncluding": "11.3.0",
                    "versionStartIncluding": "11.0.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.3.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "7507BDFF-5B52-4A06-9F8C-2B6F3958162A",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "BA3E5454-D0E6-4BF9-B95F-A43ECE1A4C66",
                    "versionEndIncluding": "11.3.0",
                    "versionStartIncluding": "11.0.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "84B339AC-E904-4D62-81B6-61E1899F6855",
                    "versionEndIncluding": "10.2.4",
                    "versionStartIncluding": "10.1.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "AD998E02-0896-4970-8BF7-2D2A3EF3FD7B",
                    "versionEndIncluding": "11.3.0",
                    "versionStartIncluding": "11.0.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A8347412-DC42-4B86-BF6E-A44A5E1541ED",
                    "versionEndIncluding": "10.2.4",
                    "versionStartIncluding": "10.1.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C8942D9D-8E3A-4876-8E93-ED8D201FF546",
                    "versionEndIncluding": "11.3.0",
                    "versionStartIncluding": "11.0.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "70E5E739-25AE-4A53-A756-A7189C785AD9",
                    "versionEndIncluding": "10.2.4",
                    "versionStartIncluding": "10.1.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "FC253328-767A-4DC9-85FB-E8E5666B916B",
                    "versionEndIncluding": "11.3.0",
                    "versionStartIncluding": "11.0.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "6AD005AD-AC65-44D1-8DB0-86B8D7F8ABE3",
                    "versionEndIncluding": "10.2.4",
                    "versionStartIncluding": "10.1.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "64C91648-A64F-4D8A-9F60-DEE6CA181A87",
                    "versionEndIncluding": "11.3.0",
                    "versionStartIncluding": "11.0.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "43A25E12-3EDE-4984-9006-1FBCB1977F2C",
                    "versionEndIncluding": "10.2.4",
                    "versionStartIncluding": "10.1.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E675191C-CA97-4F56-949A-DF2180C2C9F0",
                    "versionEndIncluding": "11.3.0",
                    "versionStartIncluding": "11.0.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.3.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "3CA52816-C4B7-4B1E-A950-EE9B571CB06B",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "51E532C1-88C1-461F-9563-E74C0DCFBCBD",
                    "versionEndIncluding": "10.2.4",
                    "versionStartIncluding": "10.1.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A97C7ACA-7D67-49C1-BA1E-256CD9E337D8",
                    "versionEndIncluding": "11.3.0",
                    "versionStartIncluding": "11.0.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D2F00612-6DDC-448F-AF3F-5869A5EDF95B",
                    "versionEndIncluding": "10.2.4",
                    "versionStartIncluding": "10.1.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "68BC025A-D45E-45FB-A4E4-1C89320B5BBE",
                    "versionEndIncluding": "11.3.0",
                    "versionStartIncluding": "11.0.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "99AC375E-C787-4D10-9062-36548041E343",
                    "versionEndIncluding": "10.2.4",
                    "versionStartIncluding": "10.1.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "7C75978B-566B-4353-8716-099CB8790EE0",
                    "versionEndIncluding": "11.3.0",
                    "versionStartIncluding": "11.0.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:f5:firepass:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "15CE213B-F42C-4C2E-AFBD-852AB049FF8A",
                    "versionEndIncluding": "6.1.0",
                    "versionStartIncluding": "6.0.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:f5:firepass:7.0.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "442D343A-973B-4C33-B99B-1EA2B7670DE5",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and 7.0.0, and other products \"when APM is provisioned,\" allows remote attackers to upload and execute arbitrary files via a ..  (dot dot) in the filename parameter."
          },
          {
            "lang": "es",
            "value": "Vulnerabilidad de salto de directorio en una firma no especificada de un Applet Java en un componente client-side en F5 BIG-IP APM v10.1.0 hasta v10.2.4 y v11.0.0 hasta v11.3.0, FirePass v6.0.0 hasta v6.1.0 y v7.0.0, y otros productos \"cuando APM se aprovisiona,\" permite que atacantes remotos puedan subir y ejecutar fichero de su elecci\u00f3n a trav\u00e9s de .. (punto punto) en el par\u00e1metro nombre de fichero."
          }
        ],
        "id": "CVE-2013-0150",
        "lastModified": "2023-12-14T16:08:02.297",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "HIGH",
              "cvssData": {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "integrityImpact": "COMPLETE",
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              "exploitabilityScore": 8.6,
              "impactScore": 10.0,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": true
            }
          ]
        },
        "published": "2013-08-09T20:56:06.917",
        "references": [
          {
            "source": "cret@cert.org",
            "tags": [
              "Not Applicable",
              "Vendor Advisory"
            ],
            "url": "http://secunia.com/advisories/53477"
          },
          {
            "source": "cret@cert.org",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "http://support.f5.com/kb/en-us/solutions/public/14000/400/sol14468.html"
          },
          {
            "source": "cret@cert.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://nealpoole.com/blog/2013/07/code-execution-via-f5-networks-java-applet/"
          }
        ],
        "sourceIdentifier": "cret@cert.org",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-22"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

var-201308-0053

Vulnerability from variot

Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and 7.0.0, and other products "when APM is provisioned," allows remote attackers to upload and execute arbitrary files via a .. (dot dot) in the filename parameter. F5 BIG-IP APM and FirePass are prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. A remote attacker can use directory-traversal strings to overwrite arbitrary files in the context of the affected applications. The following versions are vulnerable: F5 BIG-IP APM 10.1.0 through 10.2.4 F5 BIG-IP APM 11.0.0 through 11.3.0 F5 FirePass 6.0.0 through 6.1.0 and 7.0.0. F5 BIG-IP Access Policy Manager (APM) and FirePass SSL VPN (FirePass) are both products of the US company F5. BIG-IP APM is a set of solutions that provide secure unified access to business-critical applications and networks. FirePass is a product that provides secure remote access to internal enterprise applications and data

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201308-0053",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "f5",
        "version": "7.0.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "10.1.0"
      },
      {
        "model": "big-ip global traffic manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "11.0.0"
      },
      {
        "model": "big-ip application security manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "11.0.0"
      },
      {
        "model": "big-ip local traffic manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "11.0.0"
      },
      {
        "model": "big-ip analytics",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "11.0.0"
      },
      {
        "model": "big-ip wan optimization manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "firepass",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "6.1.0"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "10.1.0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "11.0.0"
      },
      {
        "model": "big-ip protocol security module",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip wan optimization manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "11.0.0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "10.1.0"
      },
      {
        "model": "big-ip application security manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "10.1.0"
      },
      {
        "model": "big-ip local traffic manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "10.1.0"
      },
      {
        "model": "big-ip global traffic manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "10.1.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip advanced firewall manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "big-ip policy enforcement manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "10.1.0"
      },
      {
        "model": "big-ip protocol security module",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip wan optimization manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "10.1.0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip protocol security module",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "11.0.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "firepass",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "6.0.0"
      },
      {
        "model": "big-ip global traffic manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip application security manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip local traffic manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip application security manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "11.0.0"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "big-ip protocol security module",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "10.1.0"
      },
      {
        "model": "big-ip wan optimization manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip global traffic manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "11.0.0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "big-ip local traffic manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "big-ip analytics",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "11.0.0"
      },
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "f5",
        "version": "6.0"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "f5",
        "version": "10.1.0 to  10.2.4"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "f5",
        "version": "11.0.0 to  11.3.0"
      },
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "f5",
        "version": "6.0.0 to  6.1.0"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "f5",
        "version": "11.0.0"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "f5",
        "version": "6.1.0"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "f5",
        "version": "10.1.0"
      },
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.0.3"
      },
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.0.2"
      },
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.0.1"
      },
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "7.0"
      },
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.1"
      },
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.0.2.3"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "firepass hf-420103-1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "7.0.0"
      },
      {
        "model": "firepass hf-420103-1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.1.0"
      },
      {
        "model": "big-ip apm 11.2.0-hf7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "big-ip apm 10.2.4-hf7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "61202"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003683"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-0150"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-136"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:f5:big-ip_access_policy_manager:11.0.0:*:*:*:*:*:*:standalone",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:f5:big-ip_access_policy_manager:11.3.0:*:*:*:*:*:*:standalone",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:10.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:10.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:f5:big-ip_access_policy_manager:10.2.4:*:*:*:*:*:*:standalone",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:f5:big-ip_access_policy_manager:10.1.0:*:*:*:*:*:*:standalone",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:f5:firepass:6.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:f5:firepass:7.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:f5:firepass:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-0150"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Neal Poole",
    "sources": [
      {
        "db": "BID",
        "id": "61202"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2013-0150",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2013-0150",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-60152",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-0150",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201308-136",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-60152",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-60152"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003683"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-0150"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-136"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and 7.0.0, and other products \"when APM is provisioned,\" allows remote attackers to upload and execute arbitrary files via a ..  (dot dot) in the filename parameter. F5 BIG-IP APM and FirePass are prone to a directory-traversal vulnerability because it fails  to properly sanitize user-supplied input. \nA remote attacker can use directory-traversal strings to overwrite  arbitrary files in the context of the affected applications. \nThe following versions are vulnerable:\nF5 BIG-IP APM 10.1.0 through 10.2.4\nF5 BIG-IP APM 11.0.0 through 11.3.0\nF5 FirePass 6.0.0 through 6.1.0 and 7.0.0. F5 BIG-IP Access Policy Manager (APM) and FirePass SSL VPN (FirePass) are both products of the US company F5. BIG-IP APM is a set of solutions that provide secure unified access to business-critical applications and networks. FirePass is a product that provides secure remote access to internal enterprise applications and data",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-0150"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003683"
      },
      {
        "db": "BID",
        "id": "61202"
      },
      {
        "db": "VULHUB",
        "id": "VHN-60152"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-0150",
        "trust": 2.8
      },
      {
        "db": "SECUNIA",
        "id": "53477",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003683",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-136",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "61202",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-60152",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-60152"
      },
      {
        "db": "BID",
        "id": "61202"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003683"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-0150"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-136"
      }
    ]
  },
  "id": "VAR-201308-0053",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-60152"
      }
    ],
    "trust": 0.5444825600000001
  },
  "last_update_date": "2023-12-18T13:53:28.937000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SOL14468: Client-side component flaw - CVE-2013-0150",
        "trust": 0.8,
        "url": "http://support.f5.com/kb/en-us/solutions/public/14000/400/sol14468.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003683"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-60152"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003683"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-0150"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://support.f5.com/kb/en-us/solutions/public/14000/400/sol14468.html"
      },
      {
        "trust": 2.0,
        "url": "https://nealpoole.com/blog/2013/07/code-execution-via-f5-networks-java-applet/"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/53477"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0150"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0150"
      },
      {
        "trust": 0.3,
        "url": "http://www.f5.com/products/big-ip/"
      },
      {
        "trust": 0.3,
        "url": "http://www.f5.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-60152"
      },
      {
        "db": "BID",
        "id": "61202"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003683"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-0150"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-136"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-60152"
      },
      {
        "db": "BID",
        "id": "61202"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003683"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-0150"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-136"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-08-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-60152"
      },
      {
        "date": "2013-06-26T00:00:00",
        "db": "BID",
        "id": "61202"
      },
      {
        "date": "2013-08-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-003683"
      },
      {
        "date": "2013-08-09T20:56:06.917000",
        "db": "NVD",
        "id": "CVE-2013-0150"
      },
      {
        "date": "2013-08-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201308-136"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-08-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-60152"
      },
      {
        "date": "2013-06-26T00:00:00",
        "db": "BID",
        "id": "61202"
      },
      {
        "date": "2013-08-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-003683"
      },
      {
        "date": "2023-12-14T16:08:02.297000",
        "db": "NVD",
        "id": "CVE-2013-0150"
      },
      {
        "date": "2013-08-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201308-136"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-136"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "F5 BIG-IP APM and  FirePass Directory traversal vulnerability in products such as",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003683"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "path traversal",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-136"
      }
    ],
    "trust": 0.6
  }
}

ghsa-wxch-2vvj-p58q

Vulnerability from github

Published

2022-05-05 02:48

Modified

2022-05-05 02:48

Details

Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and 7.0.0, and other products "when APM is provisioned," allows remote attackers to upload and execute arbitrary files via a .. (dot dot) in the filename parameter.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-0150"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-08-09T20:56:00Z",
    "severity": "HIGH"
  },
  "details": "Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and 7.0.0, and other products \"when APM is provisioned,\" allows remote attackers to upload and execute arbitrary files via a ..  (dot dot) in the filename parameter.",
  "id": "GHSA-wxch-2vvj-p58q",
  "modified": "2022-05-05T02:48:29Z",
  "published": "2022-05-05T02:48:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0150"
    },
    {
      "type": "WEB",
      "url": "https://nealpoole.com/blog/2013/07/code-execution-via-f5-networks-java-applet"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/53477"
    },
    {
      "type": "WEB",
      "url": "http://support.f5.com/kb/en-us/solutions/public/14000/400/sol14468.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

cve-2013-0150

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature

Action not permitted

cve-2013-0150

Vulnerability from cvelistv5

gsd-2013-0150

Vulnerability from gsd

var-201308-0053

Vulnerability from variot

ghsa-wxch-2vvj-p58q

Vulnerability from github

Tags

Sightings

Nomenclature