Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and 7.0.0, and other products "when APM is provisioned," allows remote attackers to upload and execute arbitrary files via a .. (dot dot) in the filename parameter.
References
| Link | Resource |
|---|---|
| https://nealpoole.com/blog/2013/07/code-execution-via-f5-networks-java-applet/ | Third Party Advisory |
| http://secunia.com/advisories/53477 | Not Applicable Vendor Advisory |
| http://support.f5.com/kb/en-us/solutions/public/14000/400/sol14468.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
14 Dec 2023, 16:08
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:h:f5:firepass:6.1.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_access_policy_manager:11.0.0:*:*:*:*:*:*:* cpe:2.3:h:f5:firepass:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_access_policy_manager:11.3.0:*:*:*:*:*:*:* cpe:2.3:h:f5:big-ip_access_policy_manager:11.0.0:*:*:*:*:*:*:standalone cpe:2.3:a:f5:big-ip_access_policy_manager:10.1.0:*:*:*:*:*:*:* cpe:2.3:h:f5:big-ip_access_policy_manager:10.1.0:*:*:*:*:*:*:standalone cpe:2.3:a:f5:big-ip_access_policy_manager:10.2.4:*:*:*:*:*:*:* cpe:2.3:h:f5:big-ip_access_policy_manager:10.2.4:*:*:*:*:*:*:standalone cpe:2.3:h:f5:big-ip_access_policy_manager:11.3.0:*:*:*:*:*:*:standalone |
cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.3.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.3.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* cpe:2.3:a:f5:firepass:*:*:*:*:*:*:*:* cpe:2.3:a:f5:firepass:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:* |
| First Time |
F5 big-ip Policy Enforcement Manager
F5 big-ip Webaccelerator F5 big-ip Advanced Firewall Manager F5 big-ip Local Traffic Manager F5 big-ip Analytics F5 big-ip Wan Optimization Manager F5 big-ip Global Traffic Manager F5 big-ip Protocol Security Module F5 big-ip Edge Gateway F5 big-ip Application Security Manager F5 big-ip Link Controller |
|
| References | (MISC) https://nealpoole.com/blog/2013/07/code-execution-via-f5-networks-java-applet/ - Third Party Advisory | |
| References | (SECUNIA) http://secunia.com/advisories/53477 - Not Applicable, Vendor Advisory |
Information
Published : 2013-08-09 20:56
Updated : 2023-12-14 16:08
NVD link : CVE-2013-0150
Mitre link : CVE-2013-0150
JSON object : View
Products Affected
f5
- big-ip_local_traffic_manager
- big-ip_global_traffic_manager
- big-ip_webaccelerator
- big-ip_policy_enforcement_manager
- big-ip_link_controller
- big-ip_wan_optimization_manager
- big-ip_application_security_manager
- big-ip_analytics
- big-ip_access_policy_manager
- big-ip_advanced_firewall_manager
- big-ip_protocol_security_module
- big-ip_edge_gateway
- firepass
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')