Lucene search

[email protected]CVE-2013-0150

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2013-0150

2022-10-0316:15:04

CWE-22

[email protected]

web.nvd.nist.gov

cve-2013-0150

directory traversal

f5 big-ip apm

firepass

remote file upload

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.0%

JSON

Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and 7.0.0, and other products “when APM is provisioned,” allows remote attackers to upload and execute arbitrary files via a … (dot dot) in the filename parameter.

Affected configurations

NVD

Node

f5big-ip_access_policy_managerRange10.1.0–10.2.4

f5big-ip_access_policy_managerRange11.0.0–11.3.0

f5big-ip_advanced_firewall_managerMatch11.3.0

f5big-ip_analyticsRange11.0.0–11.3.0

f5big-ip_application_security_managerRange10.1.0–10.2.4

f5big-ip_application_security_managerRange11.0.0–11.3.0

f5big-ip_edge_gatewayRange10.1.0–10.2.4

f5big-ip_edge_gatewayRange11.0.0–11.3.0

f5big-ip_global_traffic_managerRange10.1.0–10.2.4

f5big-ip_global_traffic_managerRange11.0.0–11.3.0

f5big-ip_link_controllerRange10.1.0–10.2.4

f5big-ip_link_controllerRange11.0.0–11.3.0

f5big-ip_local_traffic_managerRange10.1.0–10.2.4

f5big-ip_local_traffic_managerRange11.0.0–11.3.0

f5big-ip_policy_enforcement_managerMatch11.3.0

f5big-ip_protocol_security_moduleRange10.1.0–10.2.4

f5big-ip_protocol_security_moduleRange11.0.0–11.3.0

f5big-ip_wan_optimization_managerRange10.1.0–10.2.4

f5big-ip_wan_optimization_managerRange11.0.0–11.3.0

f5big-ip_webacceleratorRange10.1.0–10.2.4

f5big-ip_webacceleratorRange11.0.0–11.3.0

f5firepassRange6.0.0–6.1.0

f5firepassMatch7.0.0

CPENameOperatorVersion
f5:big-ip_access_policy_managerf5 big-ip access policy managerle10.2.4
f5:big-ip_access_policy_managerf5 big-ip access policy managerle11.3.0
f5:big-ip_advanced_firewall_managerf5 big-ip advanced firewall managereq11.3.0
f5:big-ip_analyticsf5 big-ip analyticsle11.3.0
f5:big-ip_application_security_managerf5 big-ip application security managerle10.2.4
f5:big-ip_application_security_managerf5 big-ip application security managerle11.3.0
f5:big-ip_edge_gatewayf5 big-ip edge gatewayle10.2.4
f5:big-ip_edge_gatewayf5 big-ip edge gatewayle11.3.0
f5:big-ip_global_traffic_managerf5 big-ip global traffic managerle10.2.4
f5:big-ip_global_traffic_managerf5 big-ip global traffic managerle11.3.0

CPE	Name	Operator	Version
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	le	10.2.4
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	le	11.3.0
f5:big-ip_advanced_firewall_manager	f5 big-ip advanced firewall manager	eq	11.3.0
f5:big-ip_analytics	f5 big-ip analytics	le	11.3.0
f5:big-ip_application_security_manager	f5 big-ip application security manager	le	10.2.4
f5:big-ip_application_security_manager	f5 big-ip application security manager	le	11.3.0
f5:big-ip_edge_gateway	f5 big-ip edge gateway	le	10.2.4
f5:big-ip_edge_gateway	f5 big-ip edge gateway	le	11.3.0
f5:big-ip_global_traffic_manager	f5 big-ip global traffic manager	le	10.2.4
f5:big-ip_global_traffic_manager	f5 big-ip global traffic manager	le	11.3.0