VAR-201410-0037
Vulnerability from variot - Updated: 2023-12-18 12:07F5 BIG-IP Analytics 11.x before 11.4.0 uses a predictable session cookie, which makes it easier for remote attackers to have unspecified impact by guessing the value. An attacker can exploit this issue to gain access to the affected application. BIG-IP Analytics 11.0.0 through 11.3.0 are affected. F5 BIG-IP Analytics is a set of web application performance analysis software developed by F5 Corporation of the United States. The software provides detailed analysis of performance metrics such as transactions per second, server latency, web page load time, and response throughput, among others
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201410-0037",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 1.9,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 1.9,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 1.9,
"vendor": "f5",
"version": "11.0.0"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 1.6,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 1.6,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.8,
"vendor": "f5",
"version": "11.4.0"
},
{
"model": "big-ip analytics",
"scope": "lt",
"trust": 0.8,
"vendor": "f5",
"version": "11.x"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"model": "big-ip analytics hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip analytics hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"model": "big-ip analytics hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "big-ip analytics hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip analytics hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip analytics hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip analytics hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip analytics hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip analytics hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "big-ip analytics 11.0.0-hf2",
"scope": null,
"trust": 0.3,
"vendor": "f5",
"version": null
},
{
"model": "big-ip analytics",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "big-ip analytics",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"model": "big-ip analytics",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
}
],
"sources": [
{
"db": "BID",
"id": "68792"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006667"
},
{
"db": "NVD",
"id": "CVE-2013-7408"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-621"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:11.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:11.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:11.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:11.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:11.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-7408"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "68792"
}
],
"trust": 0.3
},
"cve": "CVE-2013-7408",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2013-7408",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-67410",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-7408",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201407-621",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-67410",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67410"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006667"
},
{
"db": "NVD",
"id": "CVE-2013-7408"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-621"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "F5 BIG-IP Analytics 11.x before 11.4.0 uses a predictable session cookie, which makes it easier for remote attackers to have unspecified impact by guessing the value. \nAn attacker can exploit this issue to gain access to the affected application. \nBIG-IP Analytics 11.0.0 through 11.3.0 are affected. F5 BIG-IP Analytics is a set of web application performance analysis software developed by F5 Corporation of the United States. The software provides detailed analysis of performance metrics such as transactions per second, server latency, web page load time, and response throughput, among others",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-7408"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006667"
},
{
"db": "BID",
"id": "68792"
},
{
"db": "VULHUB",
"id": "VHN-67410"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-7408",
"trust": 2.8
},
{
"db": "BID",
"id": "68792",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006667",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201407-621",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-67410",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67410"
},
{
"db": "BID",
"id": "68792"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006667"
},
{
"db": "NVD",
"id": "CVE-2013-7408"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-621"
}
]
},
"id": "VAR-201410-0037",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-67410"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:07:54.836000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "sol14334: BIG-IP Analytics generates predictable session cookies",
"trust": 0.8,
"url": "http://support.f5.com/kb/en-us/solutions/public/14000/300/sol14334.html"
},
{
"title": "BIGIP-11.4.0.2384.0",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=54663"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006667"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-621"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67410"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006667"
},
{
"db": "NVD",
"id": "CVE-2013-7408"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/68792"
},
{
"trust": 1.7,
"url": "http://support.f5.com/kb/en-us/solutions/public/14000/300/sol14334.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7408"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7408"
},
{
"trust": 0.3,
"url": "http://www.f5.com/"
},
{
"trust": 0.3,
"url": "http://support.f5.com/kb/en-us/solutions/public/14000/300/sol14334.html?ref=rss"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67410"
},
{
"db": "BID",
"id": "68792"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006667"
},
{
"db": "NVD",
"id": "CVE-2013-7408"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-621"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-67410"
},
{
"db": "BID",
"id": "68792"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006667"
},
{
"db": "NVD",
"id": "CVE-2013-7408"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-621"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-26T00:00:00",
"db": "VULHUB",
"id": "VHN-67410"
},
{
"date": "2014-07-22T00:00:00",
"db": "BID",
"id": "68792"
},
{
"date": "2014-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006667"
},
{
"date": "2014-10-26T20:55:02.667000",
"db": "NVD",
"id": "CVE-2013-7408"
},
{
"date": "2014-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-621"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-27T00:00:00",
"db": "VULHUB",
"id": "VHN-67410"
},
{
"date": "2015-04-13T21:01:00",
"db": "BID",
"id": "68792"
},
{
"date": "2014-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006667"
},
{
"date": "2014-10-27T15:40:45.113000",
"db": "NVD",
"id": "CVE-2013-7408"
},
{
"date": "2014-10-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-621"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-621"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "F5 BIG-IP Analytics Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006667"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-621"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…