FKIE_CVE-2007-0187

Vulnerability from fkie_nvd - Published: 2007-01-12 05:04 - Updated: 2025-04-09 00:30
Severity ?
Summary
F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to access restricted URLs via (1) a trailing null byte, (2) multiple leading slashes, (3) Unicode encoding, (4) URL-encoded directory traversal or same-directory characters, or (5) upper case letters in the domain name.
References
cve@mitre.orghttp://archives.neohapsis.com/archives/fulldisclosure/2007-01/0141.html
cve@mitre.orghttp://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051651.html
cve@mitre.orghttp://osvdb.org/39167
cve@mitre.orghttp://secunia.com/advisories/23626
cve@mitre.orghttp://secunia.com/advisories/23640
cve@mitre.orghttp://www.mnin.org/advisories/2007_firepass.pdf
cve@mitre.orghttp://www.securityfocus.com/bid/21957
cve@mitre.orghttps://tech.f5.com/home/solutions/sol6916.html
cve@mitre.orghttps://tech.f5.com/home/solutions/sol6924.html
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0141.html
af854a3a-2127-422b-91ae-364da2661108http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051651.html
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/39167
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/23626
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/23640
af854a3a-2127-422b-91ae-364da2661108http://www.mnin.org/advisories/2007_firepass.pdf
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/21957
af854a3a-2127-422b-91ae-364da2661108https://tech.f5.com/home/solutions/sol6916.html
af854a3a-2127-422b-91ae-364da2661108https://tech.f5.com/home/solutions/sol6924.html
Impacted products
Vendor Product Version
f5 firepass 5.4
f5 firepass 5.4.1
f5 firepass 5.4.2
f5 firepass 5.4.3
f5 firepass 5.4.4
f5 firepass 5.4.5
f5 firepass 5.4.6
f5 firepass 5.4.7
f5 firepass 5.4.8
f5 firepass 5.4.9
f5 firepass 5.5
f5 firepass 5.5.1
f5 firepass 5.5.2
f5 firepass 6.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:f5:firepass:5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D1F4903-B7FB-4F0E-A4F0-5BC813F5BA22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:f5:firepass:5.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD7A44F4-212D-445E-A283-8CC68C7415DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:f5:firepass:5.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BEFC14C-CD35-43BD-BCC9-CD437DAC688D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:f5:firepass:5.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAE893BF-A7DA-4FEC-9290-0FD202EC0D8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:f5:firepass:5.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3347FD7A-49F6-464B-A3DA-4D9DD8B0955C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:f5:firepass:5.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "34DE479A-5D1B-4A21-94AE-D613BA9E6120",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:f5:firepass:5.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9767F21-1539-4313-B2DA-2D368CADDA66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:f5:firepass:5.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0286D438-6F1B-4D91-9A5B-CF12FEDDF427",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:f5:firepass:5.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "0ADF9E53-79F7-4678-A599-20385EEF993C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:f5:firepass:5.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E646309D-AAF0-48D7-B8FF-A57DFAADCF05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:f5:firepass:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "186F19A2-C1F4-4D87-828B-6825B89F9C9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:f5:firepass:5.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "48D051A9-891E-4C1F-904C-058B37F95441",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:f5:firepass:5.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4982DC66-27A6-4A23-A8C7-CF3CC4A5F2BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:f5:firepass:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BDC49A3-D95D-4DDA-AAFD-4C58C7BA5042",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to access restricted URLs via (1) a trailing null byte, (2) multiple leading slashes, (3) Unicode encoding, (4) URL-encoded directory traversal or same-directory characters, or (5) upper case letters in the domain name."
    },
    {
      "lang": "es",
      "value": "F5 FirePass 5.4 hasta 5.5.2 y 6.0 permite a atacantes remotos acceder a URL\u0027s restringidas mediante (1) en un byte nulo al final, (2) m\u00faltiples barras iniciales, (3) codificaci\u00f3n Unicode , (4) curte de directorios URL-encoded \u00f3 caracteres de mismo directorio, \u00f3 (5) letras may\u00fasculas en el nombre de dominio."
    }
  ],
  "id": "CVE-2007-0187",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-01-12T05:04:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0141.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051651.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/39167"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/23626"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/23640"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mnin.org/advisories/2007_firepass.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/21957"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://tech.f5.com/home/solutions/sol6916.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://tech.f5.com/home/solutions/sol6924.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0141.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051651.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/39167"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/23626"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/23640"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mnin.org/advisories/2007_firepass.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/21957"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://tech.f5.com/home/solutions/sol6916.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://tech.f5.com/home/solutions/sol6924.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.