Cross-Site Scripting Vulnerabilities in F5 FirePass SSL VPN
CVE-2008-2637

Currently unrated

Key Information:

Vendor: F5
Status: Firepass Ssl Vpn
Vendor: CVE Published:; 10 June 2008

Summary

F5 FirePass SSL VPN has multiple vulnerabilities that allow remote attackers to execute arbitrary scripts in users' browsers. These flaws exist due to improper validation of input parameters. Attackers can exploit this by injecting malicious scripts through the 'css_exceptions' parameter in the vdesk/admincon/webyfiers.php file and the 'sql_matchscope' parameter in the vdesk/admincon/index.php file. Successful exploitation could lead to user data theft or session hijacking.

References

http://www.securitytracker.com/id?1020205

vdb-entryx_refsource_SECTRACK

http://www.vupen.com/english/advisories/2008/1765/references

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/archive/1/493149/100/0/threaded

mailing-listx_refsource_BUGTRAQ

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 10, 2008
Vulnerability Reserved
Jun 9, 2008