var-199911-0072
Vulnerability from variot

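bigconf.conf in F5 BIG/ip 2.1.2 and earlier allows remote attackers to read arbitrary files by specifying the target file in the "file" parameter. BigIP is a load balancing system from F5 software. It has a web-based configuration system, which is vulnerable to several standard CGI attacks. According to Guy Cohen <guy@crypto.org.il>, it is possible to view arbitrary files on the BSDI system on which it is installed. In addition, the configuration program is installed setuid root. This is considered a local vulnerability, since htaccess authentication is required to reach the configuration area. No more information on this vulnerability is available. The product has a web management interface, and the program is configured through CGI scripts. There is an input validation vulnerability in the "bigconf.cgi" script in the software package, allowing remote attackers to view arbitrary system files with the privileges of the web server process. The reporter did not provide further clarification.

Note: this text appears to be a concatenation of the NVD, BID and VULHUB descriptions listed under "description.sources" below, so it is not internally consistent. The first sentence names bigconf.conf while the later text and the Bugtraq thread titles name bigconf.cgi. The text also states that htaccess authentication is required, while the CVSS v2 vector recorded below is AV:N/AC:L/Au:N (no authentication). Treat the severity and the remote/local classification as unreconciled between sources.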



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-199911-0072",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "tmos",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "f5",
        "version": "2.0"
      },
      {
        "model": "big-ip",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "f5",
        "version": "2.0"
      },
      {
        "model": "big-ip",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "778"
      },
      {
        "db": "NVD",
        "id": "CVE-1999-1550"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-199911-027"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:f5:tmos:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-1999-1550"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Guy Cohen\u203b guy@crypto.org.il",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-199911-027"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-1999-1550",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-1531",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-1999-1550",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-199911-027",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-1531",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-1531"
      },
      {
        "db": "NVD",
        "id": "CVE-1999-1550"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-199911-027"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "bigconf.conf in F5 BIG/ip 2.1.2 and earlier allows remote attackers to read arbitrary files by specifying the target file in the \"file\" parameter. BigIP is a load balancing system from F5 software. It has a web-based configuration system, which is vulnerable to several standard CGI attacks. According to Guy Cohen \u003cguy@crypto.org.il\u003e, it is possible to view arbitrary files on the BSDI system which it is installed on. To add to this, the configuration program is installed setuid root. This is considered a local vulnerability since htaccess authentication is required to get to the configuration area. No more information on this vulnerability is available. It has a web management interface and configures the program through some CGI scripts. There is an input validation vulnerability in the \\\"bigconf.cgi\\\" script in the software package, allowing remote attackers to view arbitrary system files with the authority of the Web Server process. The bug finder did not provide further clarification",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-1999-1550"
      },
      {
        "db": "BID",
        "id": "778"
      },
      {
        "db": "VULHUB",
        "id": "VHN-1531"
      }
    ],
    "trust": 1.26
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "778",
        "trust": 2.0
      },
      {
        "db": "NVD",
        "id": "CVE-1999-1550",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-199911-027",
        "trust": 0.7
      },
      {
        "db": "XF",
        "id": "7771",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "19991109 RE: BIGIP - BIGCONF.CGI HOLES",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "19991109",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "19991108 BIGIP - BIGCONF.CGI HOLES",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "3206",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-1531",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-1531"
      },
      {
        "db": "BID",
        "id": "778"
      },
      {
        "db": "NVD",
        "id": "CVE-1999-1550"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-199911-027"
      }
    ]
  },
  "id": "VAR-199911-0072",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-1531"
      }
    ],
    "trust": 0.5615448
  },
  "last_update_date": "2023-12-18T12:14:15.370000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-1999-1550"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/778"
      },
      {
        "trust": 1.7,
        "url": "http://www.iss.net/security_center/static/7771.php"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=94217006208374\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=94225879703021\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=94217879020184\u0026w=2"
      },
      {
        "trust": 0.6,
        "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=94225879703021\u0026w=2"
      },
      {
        "trust": 0.6,
        "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=94217879020184\u0026w=2"
      },
      {
        "trust": 0.6,
        "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=94217006208374\u0026w=2"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/3206"
      },
      {
        "trust": 0.3,
        "url": "http://www.f5.com/f5products/bigip/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-1531"
      },
      {
        "db": "BID",
        "id": "778"
      },
      {
        "db": "NVD",
        "id": "CVE-1999-1550"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-199911-027"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-1531"
      },
      {
        "db": "BID",
        "id": "778"
      },
      {
        "db": "NVD",
        "id": "CVE-1999-1550"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-199911-027"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "1999-11-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-1531"
      },
      {
        "date": "1999-11-08T00:00:00",
        "db": "BID",
        "id": "778"
      },
      {
        "date": "1999-11-08T05:00:00",
        "db": "NVD",
        "id": "CVE-1999-1550"
      },
      {
        "date": "1999-11-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-199911-027"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-1531"
      },
      {
        "date": "1999-11-08T00:00:00",
        "db": "BID",
        "id": "778"
      },
      {
        "date": "2018-10-30T16:25:33.730000",
        "db": "NVD",
        "id": "CVE-1999-1550"
      },
      {
        "date": "2005-10-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-199911-027"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-199911-027"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "F5 Software BigIP of bigconf.cgi Script leaking file content vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-199911-027"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "778"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-199911-027"
      }
    ],
    "trust": 0.9
  }
}

