F5 Product Development has determined the likelihood of exploitation is low for the cross-site scripting (XSS) vulnerability disclosed in CVE-2007-5000. Exploiting this vulnerability would require an administrator of an F5 device to interact with a web page crafted by an attacker. Possible attacks could include recovering that administrator or operatorโs password to the BIG-IP.
Note: The BIG-IP system ships with themod_imapmodule, however the BIG-IP Configuration utility does not use or rely onmod_imap.
Information about this advisory is available at the following location:
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000>
F5 Product Development tracked this issue as CR59618 and it was fixed in BIG-IP 9.3.0 and 9.4.0. For information about upgrading, refer to the BIG-IP LTM, GTM, ASM, Link Controller, and WebAccelerator release notes.
Workaround
If you are using a vulnerable version and upgrading is not an immediate option, you can disable mod_imap by performing the following procedure:
cd /config/httpd/conf
3. Open the httpd.conffile with a file editor and comment out the mod_imap entry by inserting**#** at the beginning of the following line:
#LoadModule imap_module modules/mod_imap.so
4. Save the httpd.conf file.
5. Restart the httpd daemon by typing the following command:
bigstart restart httpd
CPE | Name | Operator | Version |
---|---|---|---|
big-ip gtm | le | 9.2.5 | |
big-ip asm | le | 9.2.5 | |
big-ip link controller | le | 9.2.5 | |
big-ip ltm | le | 9.2.5 |