CVE-2013-0150

{"id": "CVE-2013-0150", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2013-08-09T20:56:06.917", "references": [{"url": "http://secunia.com/advisories/53477", "tags": ["Not Applicable", "Vendor Advisory"], "source": "cret@cert.org"}, {"url": "http://support.f5.com/kb/en-us/solutions/public/14000/400/sol14468.html", "tags": ["Vendor Advisory"], "source": "cret@cert.org"}, {"url": "https://nealpoole.com/blog/2013/07/code-execution-via-f5-networks-java-applet/", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and 7.0.0, and other products \"when APM is provisioned,\" allows remote attackers to upload and execute arbitrary files via a .. (dot dot) in the filename parameter."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en una firma no especificada de un Applet Java en un componente client-side en F5 BIG-IP APM v10.1.0 hasta v10.2.4 y v11.0.0 hasta v11.3.0, FirePass v6.0.0 hasta v6.1.0 y v7.0.0, y otros productos \"cuando APM se aprovisiona,\" permite que atacantes remotos puedan subir y ejecutar fichero de su elecci\u00f3n a trav\u00e9s de .. (punto punto) en el par\u00e1metro nombre de fichero."}], "lastModified": "2023-12-14T16:08:02.297", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79618AB4-7A8E-4488-8608-57EC2F8681FE", "versionEndIncluding": "10.2.4", "versionStartIncluding": "10.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "384E40E2-6A1E-41EE-9075-C3D4E4C9DF3D", "versionEndIncluding": "11.3.0", "versionStartIncluding": "11.0.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7507BDFF-5B52-4A06-9F8C-2B6F3958162A"}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA3E5454-D0E6-4BF9-B95F-A43ECE1A4C66", "versionEndIncluding": "11.3.0", "versionStartIncluding": "11.0.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84B339AC-E904-4D62-81B6-61E1899F6855", "versionEndIncluding": "10.2.4", "versionStartIncluding": "10.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD998E02-0896-4970-8BF7-2D2A3EF3FD7B", "versionEndIncluding": "11.3.0", "versionStartIncluding": "11.0.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8347412-DC42-4B86-BF6E-A44A5E1541ED", "versionEndIncluding": "10.2.4", "versionStartIncluding": "10.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8942D9D-8E3A-4876-8E93-ED8D201FF546", "versionEndIncluding": "11.3.0", "versionStartIncluding": "11.0.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70E5E739-25AE-4A53-A756-A7189C785AD9", "versionEndIncluding": "10.2.4", "versionStartIncluding": "10.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC253328-767A-4DC9-85FB-E8E5666B916B", "versionEndIncluding": "11.3.0", "versionStartIncluding": "11.0.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6AD005AD-AC65-44D1-8DB0-86B8D7F8ABE3", "versionEndIncluding": "10.2.4", "versionStartIncluding": "10.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64C91648-A64F-4D8A-9F60-DEE6CA181A87", "versionEndIncluding": "11.3.0", "versionStartIncluding": "11.0.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43A25E12-3EDE-4984-9006-1FBCB1977F2C", "versionEndIncluding": "10.2.4", "versionStartIncluding": "10.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E675191C-CA97-4F56-949A-DF2180C2C9F0", "versionEndIncluding": "11.3.0", "versionStartIncluding": "11.0.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3CA52816-C4B7-4B1E-A950-EE9B571CB06B"}, {"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51E532C1-88C1-461F-9563-E74C0DCFBCBD", "versionEndIncluding": "10.2.4", "versionStartIncluding": "10.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A97C7ACA-7D67-49C1-BA1E-256CD9E337D8", "versionEndIncluding": "11.3.0", "versionStartIncluding": "11.0.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2F00612-6DDC-448F-AF3F-5869A5EDF95B", "versionEndIncluding": "10.2.4", "versionStartIncluding": "10.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68BC025A-D45E-45FB-A4E4-1C89320B5BBE", "versionEndIncluding": "11.3.0", "versionStartIncluding": "11.0.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99AC375E-C787-4D10-9062-36548041E343", "versionEndIncluding": "10.2.4", "versionStartIncluding": "10.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C75978B-566B-4353-8716-099CB8790EE0", "versionEndIncluding": "11.3.0", "versionStartIncluding": "11.0.0"}, {"criteria": "cpe:2.3:a:f5:firepass:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15CE213B-F42C-4C2E-AFBD-852AB049FF8A", "versionEndIncluding": "6.1.0", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:a:f5:firepass:7.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "442D343A-973B-4C33-B99B-1EA2B7670DE5"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}