Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0265

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-0265
Last Modified 07 Mar 2011 10:04:14
Published 15 Jan 2008 03:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-0265

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the Search function in the web management interface in F5 BIG-IP 9.4.3 allow remote attackers to inject arbitrary web script or HTML via the SearchString parameter to (1) list_system.jsp, (2) list_pktfilter.jsp, (3) list_ltm.jsp, (4) resources_audit.jsp, and (5) list_asm.jsp in tmui/Control/jspmap/tmui/system/log/; and (6) list.jsp in certain directories.

Vulnerable Systems

Application

  • F5 Big-ip 9.4.3


References

XF - f5bigip-searchstring-xss(39632)

VUPEN - ADV-2008-0181

SECTRACK - 1019190

BID - 27272

BUGTRAQ - 20080114 F5 BIG-IP Web Management List Search XSS

SECUNIA - 28505

SREASON - 3545


Last Updated: 27 May 2016 10:46:44