Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6704

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2007-6704
Last Modified 08 Apr 2009 01:20:22
Published 05 Mar 2008 06:44:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2007-6704

Summary

Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.activation.php3 and (2) my.logon.php3.

Vulnerable Systems


References

XF - firepass-mylogonphp3-xss(38795)

XF - firepass-myactivation-xss(38785)

BUGTRAQ - 20071130 PR07-14: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN 'my.activation.php3' server-side script

SECTRACK - 1019031

BID - 26661

BID - 26659

BUGTRAQ - 20080523 PR07-15: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN 'my.logon.php3' server-side script

BUGTRAQ - 20071130 PR07-15: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN 'my.logon.php3' server-side script

MISC - http://www.procheckup.com/Vulnerability_PR07-15a.php

MISC - http://www.procheckup.com/Vulnerability_PR07-14.php

OSVDB - 38981

OSVDB - 38980

SECUNIA - 27904

SREASON - 3712


Last Updated: 27 May 2016 10:46:36