Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and 7.0.0, and other products "when APM is provisioned," allows remote attackers to upload and execute arbitrary files via a .. (dot dot) in the filename parameter.
References
Link | Resource |
---|---|
http://secunia.com/advisories/53477 | Not Applicable Vendor Advisory |
http://support.f5.com/kb/en-us/solutions/public/14000/400/sol14468.html | Vendor Advisory |
https://nealpoole.com/blog/2013/07/code-execution-via-f5-networks-java-applet/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
14 Dec 2023, 16:08
Type | Values Removed | Values Added |
---|---|---|
References | (SECUNIA) http://secunia.com/advisories/53477 - Not Applicable, Vendor Advisory | |
References | (MISC) https://nealpoole.com/blog/2013/07/code-execution-via-f5-networks-java-applet/ - Third Party Advisory | |
First Time |
F5 big-ip Webaccelerator
F5 big-ip Global Traffic Manager F5 big-ip Wan Optimization Manager F5 big-ip Protocol Security Module F5 big-ip Edge Gateway F5 big-ip Policy Enforcement Manager F5 big-ip Application Security Manager F5 big-ip Advanced Firewall Manager F5 big-ip Local Traffic Manager F5 big-ip Link Controller F5 big-ip Analytics |
|
CPE | cpe:2.3:a:f5:big-ip_access_policy_manager:10.2.4:*:*:*:*:*:*:* cpe:2.3:h:f5:big-ip_access_policy_manager:10.2.4:*:*:*:*:*:*:standalone cpe:2.3:h:f5:big-ip_access_policy_manager:11.0.0:*:*:*:*:*:*:standalone cpe:2.3:a:f5:big-ip_access_policy_manager:11.0.0:*:*:*:*:*:*:* cpe:2.3:h:f5:big-ip_access_policy_manager:11.3.0:*:*:*:*:*:*:standalone cpe:2.3:a:f5:big-ip_access_policy_manager:11.3.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_access_policy_manager:10.1.0:*:*:*:*:*:*:* cpe:2.3:h:f5:firepass:6.1.0:*:*:*:*:*:*:* cpe:2.3:h:f5:firepass:7.0.0:*:*:*:*:*:*:* cpe:2.3:h:f5:firepass:6.0:*:*:*:*:*:*:* |
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.3.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* cpe:2.3:a:f5:firepass:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.3.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* cpe:2.3:a:f5:firepass:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:* |
Information
Published : 2013-08-09 20:56
Updated : 2024-02-28 12:00
NVD link : CVE-2013-0150
Mitre link : CVE-2013-0150
CVE.ORG link : CVE-2013-0150
JSON object : View
Products Affected
f5
- firepass
- big-ip_access_policy_manager
- big-ip_webaccelerator
- big-ip_link_controller
- big-ip_global_traffic_manager
- big-ip_edge_gateway
- big-ip_analytics
- big-ip_policy_enforcement_manager
- big-ip_advanced_firewall_manager
- big-ip_local_traffic_manager
- big-ip_application_security_manager
- big-ip_protocol_security_module
- big-ip_wan_optimization_manager
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')