Description
Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.activation.php3 and (2) my.logon.php3.
Affected products
- F5 / firepass_41005.4.1 – 5.4.1
- F5 / firepass_41005.4.2 – 5.4.2
- F5 / firepass_41005.4.3 – 5.4.3
- F5 / firepass_41005.4.4 – 5.4.4
- F5 / firepass_41005.4.5 – 5.4.5
- F5 / firepass_41005.4.6 – 5.4.6
- F5 / firepass_41005.4.7 – 5.4.7
- F5 / firepass_41005.4.8 – 5.4.8
- F5 / firepass_41005.4.9 – 5.4.9
- F5 / firepass_41005.5.0 – 5.5.0
- F5 / firepass_41005.5.1 – 5.5.1
- F5 / firepass_41005.5.2 – 5.5.2
- F5 / firepass_41006.0 – 6.0
- F5 / firepass_41006.0.1 – 6.0.1
References
- MISChttp://securityreason.com/securityalert/3712
- MISChttp://www.securityfocus.com/archive/1/492511/100/0/threaded
- VENDOR_ADVISORYhttp://secunia.com/advisories/27904
- MISChttp://www.procheckup.com/Vulnerability_PR07-14.php
- MISChttp://www.osvdb.org/38981
- MISChttps://support.f5.com/kb/en-us/solutions/public/7000/900/SOL7923.html
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/38785
- MISChttp://www.securityfocus.com/bid/26659
- MISChttp://www.procheckup.com/Vulnerability_PR07-15a.php
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/38795
- MISChttp://www.securityfocus.com/archive/1/484411/100/0/threaded
- MISChttp://www.osvdb.org/38980
- MISChttp://www.securitytracker.com/id?1019031
- MISChttp://www.securityfocus.com/bid/26661
- MISChttp://www.securityfocus.com/archive/1/484413/100/0/threaded