CVE-2013-0150

Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and 7.0.0, and other products "when APM is provisioned," allows remote attackers to upload and execute arbitrary files via a .. (dot dot) in the filename parameter.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.3.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.3.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:firepass:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:firepass:7.0.0:*:*:*:*:*:*:*

History

21 Nov 2024, 01:46

Type Values Removed Values Added
References () http://secunia.com/advisories/53477 - Not Applicable, Vendor Advisory () http://secunia.com/advisories/53477 - Not Applicable, Vendor Advisory
References () http://support.f5.com/kb/en-us/solutions/public/14000/400/sol14468.html - Vendor Advisory () http://support.f5.com/kb/en-us/solutions/public/14000/400/sol14468.html - Vendor Advisory
References () https://nealpoole.com/blog/2013/07/code-execution-via-f5-networks-java-applet/ - Third Party Advisory () https://nealpoole.com/blog/2013/07/code-execution-via-f5-networks-java-applet/ - Third Party Advisory

14 Dec 2023, 16:08

Type Values Removed Values Added
References (SECUNIA) http://secunia.com/advisories/53477 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/53477 - Not Applicable, Vendor Advisory
References (MISC) https://nealpoole.com/blog/2013/07/code-execution-via-f5-networks-java-applet/ - (MISC) https://nealpoole.com/blog/2013/07/code-execution-via-f5-networks-java-applet/ - Third Party Advisory
CPE cpe:2.3:a:f5:big-ip_access_policy_manager:10.1.0:*:*:*:*:*:*:*
cpe:2.3:h:f5:big-ip_access_policy_manager:11.0.0:*:*:*:*:*:*:standalone
cpe:2.3:h:f5:firepass:6.1.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_access_policy_manager:10.2.4:*:*:*:*:*:*:*
cpe:2.3:h:f5:firepass:7.0.0:*:*:*:*:*:*:*
cpe:2.3:h:f5:firepass:6.0:*:*:*:*:*:*:*
cpe:2.3:h:f5:big-ip_access_policy_manager:11.3.0:*:*:*:*:*:*:standalone
cpe:2.3:h:f5:big-ip_access_policy_manager:10.1.0:*:*:*:*:*:*:standalone
cpe:2.3:h:f5:big-ip_access_policy_manager:10.2.4:*:*:*:*:*:*:standalone
cpe:2.3:a:f5:big-ip_access_policy_manager:11.0.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_access_policy_manager:11.3.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.3.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:firepass:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.3.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:firepass:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*

Information

Published : 2013-08-09 20:56

Updated : 2024-11-21 01:46


NVD link : CVE-2013-0150

Mitre link : CVE-2013-0150

CVE.ORG link : CVE-2013-0150


JSON object : View

Products Affected

f5

  • big-ip_application_security_manager
  • big-ip_global_traffic_manager
  • big-ip_policy_enforcement_manager
  • big-ip_edge_gateway
  • big-ip_wan_optimization_manager
  • big-ip_link_controller
  • big-ip_local_traffic_manager
  • big-ip_webaccelerator
  • big-ip_advanced_firewall_manager
  • big-ip_access_policy_manager
  • firepass
  • big-ip_protocol_security_module
  • big-ip_analytics
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')