CVE-2013-0150

Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and 7.0.0, and other products "when APM is provisioned," allows remote attackers to upload and execute arbitrary files via a .. (dot dot) in the filename parameter.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://nealpoole.com/blog/2013/07/code-execution-via-f5-networks-java-applet/
http://secunia.com/advisories/53477	Vendor Advisory
http://support.f5.com/kb/en-us/solutions/public/14000/400/sol14468.html	Vendor Advisory

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:f5:big-ip_access_policy_manager:11.0.0:::::::standalone
	cpe:2.3:h:f5:big-ip_access_policy_manager:11.3.0:::::::standalone
	cpe:2.3:a:f5:big-ip_access_policy_manager:10.1.0:::::::*
	cpe:2.3:a:f5:big-ip_access_policy_manager:10.2.4:::::::*
	cpe:2.3:a:f5:big-ip_access_policy_manager:11.0.0:::::::*
	cpe:2.3:h:f5:big-ip_access_policy_manager:10.2.4:::::::standalone
	cpe:2.3:h:f5:big-ip_access_policy_manager:10.1.0:::::::standalone
	cpe:2.3:a:f5:big-ip_access_policy_manager:11.3.0:::::::*

Configuration 2 (hide)

OR	cpe:2.3:h:f5:firepass:6.1.0:::::::*
	cpe:2.3:h:f5:firepass:7.0.0:::::::*
	cpe:2.3:h:f5:firepass:6.0:::::::*

Information

Published : 2013-08-09 13:56

Updated : 2013-08-12 08:57

NVD link : CVE-2013-0150

Mitre link : CVE-2013-0150

JSON object : View

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Advertisement

Products Affected

f5

big-ip_access_policy_manager
firepass

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://nealpoole.com/blog/2013/07/code-execution-via-f5-networks-java-applet/", "name": "https://nealpoole.com/blog/2013/07/code-execution-via-f5-networks-java-applet/", "tags": [], "refsource": "MISC"}, {"url": "http://secunia.com/advisories/53477", "name": "53477", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://support.f5.com/kb/en-us/solutions/public/14000/400/sol14468.html", "name": "http://support.f5.com/kb/en-us/solutions/public/14000/400/sol14468.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and 7.0.0, and other products \"when APM is provisioned,\" allows remote attackers to upload and execute arbitrary files via a .. (dot dot) in the filename parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-22"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2013-0150", "ASSIGNER": "cert@cert.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2013-08-09T20:56Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:f5:big-ip_access_policy_manager:11.0.0:*:*:*:*:*:*:standalone", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:f5:big-ip_access_policy_manager:11.3.0:*:*:*:*:*:*:standalone", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:10.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:10.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:f5:big-ip_access_policy_manager:10.2.4:*:*:*:*:*:*:standalone", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:f5:big-ip_access_policy_manager:10.1.0:*:*:*:*:*:*:standalone", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:f5:firepass:6.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:f5:firepass:7.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:f5:firepass:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2013-08-12T15:57Z"}