Computer Security
[EN] securityvulns.ru no-pyccku


Multiple F5 FirePass security vulnerabilities
Published:12.01.2007
Source:
SecurityVulns ID:7048
Type:remote
Threat Level:
6/10
Description:URL restrictions bypass, crossite scripting. Restrictions bypass with dotless IP address. Acounts enumeration.
Affected:F5 : FirePass 5.4
 F5 : FirePass 5.5
 F5 : FirePass 6.0
CVE:CVE-2007-0195 (my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to confirm the validity of an LDAP account.)
 CVE-2007-0188 (F5 FirePass 5.4 through 5.5.1 does not properly enforce host access restrictions when a client uses a single integer (dword) representation of an IP address ("dotless IP address"), which allows remote authenticated users to connect to the FirePass administrator console and certain other network resources.)
 CVE-2007-0187 (F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to access restricted URLs via (1) a trailing null byte, (2) multiple leading slashes, (3) Unicode encoding, (4) URL-encoded directory traversal or same-directory characters, or (5) upper case letters in the domain name.)
 CVE-2007-0186 (Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN allow remote attackers to inject arbitrary web script or HTML via (1) the xcho parameter to my.logon.php3; the (2) topblue, (3) midblue, (4) wtopblue, and certain other Custom color parameters in a per action to vdesk/admincon/index.php; the (5) h321, (6) h311, (7) h312, and certain other Front Door custom text color parameters in a per action to vdesk/admincon/index.php; the (8) ua parameter in a bro action to vdesk/admincon/index.php; the (9) app_param and (10) app_name parameters to webyfiers.php; (11) double eval functions; (12) JavaScript contained in an <FP_DO_NOT_TOUCH> element; and (13) the vhost parameter to my.activation.php. NOTE: it is possible that this candidate overlaps CVE-2006-3550.)
Original documentdocumentSECUNIA, [SA23640] FirePass URL Restriction Bypass Vulnerabilities (12.01.2007)
 documentSECUNIA, [SA23627] FirePass Multiple Vulnerabilities (12.01.2007)
 documentSECUNIA, [SA23643] FirePass Cross-Site Scripting Vulnerabilities (12.01.2007)
 documentSECUNIA, [SA23626] FirePass URL Restriction Bypass (12.01.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod