Lucene search

MitreCVE-2014-3959

HistoryJun 03, 2014 - 2:55 p.m.

CVE-2014-3959

2014-06-0314:55:11

CWE-79

mitre

web.nvd.nist.gov

cve

2014

3959

cross-site scripting

xss

vulnerability

big-ip

configuration utility

web script

html

remote attackers

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

54.5%

JSON

Cross-site scripting (XSS) vulnerability in list.jsp in the Configuration utility in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, GTM, and Link Controller 11.2.1 through 11.5.1, AAM 11.4.0 through 11.5.1 PEM 11.3.0 through 11.5.1, PSM 11.2.1 through 11.4.1, WebAccelerator and WOM 11.2.1 through 11.3.0, and Enterprise Manager 3.0.0 through 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

Affected configurations

Nvd

Node

f5big-ip_access_policy_managerMatch11.2.1

f5big-ip_access_policy_managerMatch11.5.1

f5big-ip_advanced_firewall_managerMatch11.2.1

f5big-ip_advanced_firewall_managerMatch11.5.1

f5big-ip_analyticsMatch11.2.1

f5big-ip_analyticsMatch11.5.1

f5big-ip_application_acceleration_managerMatch11.4.0

f5big-ip_application_acceleration_managerMatch11.5.1

f5big-ip_application_security_managerMatch11.2.1

f5big-ip_application_security_managerMatch11.5.1

f5big-ip_edge_gatewayMatch11.2.1

f5big-ip_edge_gatewayMatch11.3.0

f5big-ip_global_traffic_managerMatch11.2.1

f5big-ip_global_traffic_managerMatch11.5.1

f5big-ip_link_controllerMatch11.2.1

f5big-ip_link_controllerMatch11.5.1

f5big-ip_local_traffic_managerMatch11.2.1

f5big-ip_local_traffic_managerMatch11.5.1

f5big-ip_policy_enforcement_managerMatch11.3.0

f5big-ip_policy_enforcement_managerMatch11.5.1

f5big-ip_protocol_security_moduleMatch11.2.1

f5big-ip_protocol_security_moduleMatch11.4.1

f5big-ip_wan_optimization_managerMatch11.2.1

f5big-ip_wan_optimization_managerMatch11.3.0

f5big-ip_webacceleratorMatch11.2.1

f5big-ip_webacceleratorMatch11.3.0

f5enterprise_managerMatch3.0.0

f5enterprise_managerMatch3.1.1

VendorProductVersionCPE
f5big-ip_access_policy_manager11.2.1cpe:2.3:a:f5:big-ip_access_policy_manager:11.2.1:*:*:*:*:*:*:*
f5big-ip_access_policy_manager11.5.1cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.1:*:*:*:*:*:*:*
f5big-ip_advanced_firewall_manager11.2.1cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.2.1:*:*:*:*:*:*:*
f5big-ip_advanced_firewall_manager11.5.1cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.1:*:*:*:*:*:*:*
f5big-ip_analytics11.2.1cpe:2.3:a:f5:big-ip_analytics:11.2.1:*:*:*:*:*:*:*
f5big-ip_analytics11.5.1cpe:2.3:a:f5:big-ip_analytics:11.5.1:*:*:*:*:*:*:*
f5big-ip_application_acceleration_manager11.4.0cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.4.0:*:*:*:*:*:*:*
f5big-ip_application_acceleration_manager11.5.1cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.1:*:*:*:*:*:*:*
f5big-ip_application_security_manager11.2.1cpe:2.3:a:f5:big-ip_application_security_manager:11.2.1:*:*:*:*:*:*:*
f5big-ip_application_security_manager11.5.1cpe:2.3:a:f5:big-ip_application_security_manager:11.5.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
f5	big-ip_access_policy_manager	11.2.1	cpe:2.3:a:f5:big-ip_access_policy_manager:11.2.1:::::::*
f5	big-ip_access_policy_manager	11.5.1	cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.1:::::::*
f5	big-ip_advanced_firewall_manager	11.2.1	cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.2.1:::::::*
f5	big-ip_advanced_firewall_manager	11.5.1	cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.1:::::::*
f5	big-ip_analytics	11.2.1	cpe:2.3:a:f5:big-ip_analytics:11.2.1:::::::*
f5	big-ip_analytics	11.5.1	cpe:2.3:a:f5:big-ip_analytics:11.5.1:::::::*
f5	big-ip_application_acceleration_manager	11.4.0	cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.4.0:::::::*
f5	big-ip_application_acceleration_manager	11.5.1	cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.1:::::::*
f5	big-ip_application_security_manager	11.2.1	cpe:2.3:a:f5:big-ip_application_security_manager:11.2.1:::::::*
f5	big-ip_application_security_manager	11.5.1	cpe:2.3:a:f5:big-ip_application_security_manager:11.5.1:::::::*

Rows per page:

1-10 of 281

References

secunia.com/advisories/58969

support.f5.com/kb/en-us/solutions/public/15000/200/sol15296.html

www.securityfocus.com/bid/67771

www.securitytracker.com/id/1030319

www.securitytracker.com/id/1030320

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

54.5%

JSON

Related for CVE-2014-3959