Cross-site Scripting / HTML injection on F5 FirePass 4100 SSL VPN 'download_plugin.php3' server-side script
SecurityAlert : 3364 CVE : CVE-2007-5979 SecurityRisk : Low (About) Remote Exploit : Yes Local Exploit : No Exploit Available : Yes Credit : Jan Fry & Adrian Pastor Published : 15.11.2007
Affected Software :
F5 FirePass 4100 SSL VPN version 6.0 - 6.0.1
F5 FirePass 4100 SSL VPN version 5.4 - 5.5.2
Advisory Content :
Date Found: 19th June 2007
Successfully tested on: version 5.5.2
F5 Networks has confirmed the following versions to be vulnerable:
FirePass versions 5.4 - 5.5.2
FirePass versions 6.0 - 6.0.1
Description:
F5 Networks FirePass 4100 SSL VPN is vulnerable to XSS within the "backurl"
parameter processed by the "download_plugin.php3" server-side script.
No authentication is required to exploit this vulnerability.
Consequences:
An attacker may be able to cause execution of malicious scripting code in
the browser of a user who visits a specially-crafted URL to an F5 Firepass
device, or visits a malicious page that makes a request to such URL. Such
code would run within the security context of the target domain.
This type of attack can result in non-persistent defacement of the target
site, or the redirection of confidential information (i.e. admin session
IDs) to unauthorised third parties.
Severity: Medium/High
Credits: Jan Fry [jan.fry [at] procheckup.com] and Adrian Pastor
[adrian.pastor [at] procheckup.com] of ProCheckUp Ltd
If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.