Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and 7.0.0, and other products "when APM is provisioned," allows remote attackers to upload and execute arbitrary files via a .. (dot dot) in the filename parameter.
References
Link | Resource |
---|---|
http://secunia.com/advisories/53477 | Not Applicable Vendor Advisory |
http://support.f5.com/kb/en-us/solutions/public/14000/400/sol14468.html | Vendor Advisory |
https://nealpoole.com/blog/2013/07/code-execution-via-f5-networks-java-applet/ | Third Party Advisory |
http://secunia.com/advisories/53477 | Not Applicable Vendor Advisory |
http://support.f5.com/kb/en-us/solutions/public/14000/400/sol14468.html | Vendor Advisory |
https://nealpoole.com/blog/2013/07/code-execution-via-f5-networks-java-applet/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:46
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/53477 - Not Applicable, Vendor Advisory | |
References | () http://support.f5.com/kb/en-us/solutions/public/14000/400/sol14468.html - Vendor Advisory | |
References | () https://nealpoole.com/blog/2013/07/code-execution-via-f5-networks-java-applet/ - Third Party Advisory |
14 Dec 2023, 16:08
Type | Values Removed | Values Added |
---|---|---|
References | (SECUNIA) http://secunia.com/advisories/53477 - Not Applicable, Vendor Advisory | |
References | (MISC) https://nealpoole.com/blog/2013/07/code-execution-via-f5-networks-java-applet/ - Third Party Advisory | |
CPE | cpe:2.3:h:f5:big-ip_access_policy_manager:11.0.0:*:*:*:*:*:*:standalone cpe:2.3:h:f5:firepass:6.1.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_access_policy_manager:10.2.4:*:*:*:*:*:*:* cpe:2.3:h:f5:firepass:7.0.0:*:*:*:*:*:*:* cpe:2.3:h:f5:firepass:6.0:*:*:*:*:*:*:* cpe:2.3:h:f5:big-ip_access_policy_manager:11.3.0:*:*:*:*:*:*:standalone cpe:2.3:h:f5:big-ip_access_policy_manager:10.1.0:*:*:*:*:*:*:standalone cpe:2.3:h:f5:big-ip_access_policy_manager:10.2.4:*:*:*:*:*:*:standalone cpe:2.3:a:f5:big-ip_access_policy_manager:11.0.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_access_policy_manager:11.3.0:*:*:*:*:*:*:* |
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.3.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* cpe:2.3:a:f5:firepass:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.3.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:* cpe:2.3:a:f5:firepass:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* |
Information
Published : 2013-08-09 20:56
Updated : 2024-11-21 01:46
NVD link : CVE-2013-0150
Mitre link : CVE-2013-0150
CVE.ORG link : CVE-2013-0150
JSON object : View
Products Affected
f5
- big-ip_application_security_manager
- big-ip_global_traffic_manager
- big-ip_policy_enforcement_manager
- big-ip_edge_gateway
- big-ip_wan_optimization_manager
- big-ip_link_controller
- big-ip_local_traffic_manager
- big-ip_webaccelerator
- big-ip_advanced_firewall_manager
- big-ip_access_policy_manager
- firepass
- big-ip_protocol_security_module
- big-ip_analytics
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')