CVE-2007-6704

Currently unrated

Key Information:

Vendor
F5
Status
Firepass 4100
Vendor
CVE Published:
5 March 2008

Summary

Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.activation.php3 and (2) my.logon.php3.

References

http://securityreason.com/securityalert/3712
third-party-advisoryx_refsource_SREASON
http://www.securityfocus.com/archive/1/492511/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://secunia.com/advisories/27904
third-party-advisoryx_refsource_SECUNIA

EPSS Score

13% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.