Cross-Site Scripting Vulnerabilities in F5 FirePass SSL VPN
CVE-2008-2637

Currently unrated

Key Information:

Vendor

F5
Status
Firepass Ssl Vpn
Vendor
CVE Published:
10 June 2008

What is CVE-2008-2637?

F5 FirePass SSL VPN has multiple vulnerabilities that allow remote attackers to execute arbitrary scripts in users' browsers. These flaws exist due to improper validation of input parameters. Attackers can exploit this by injecting malicious scripts through the 'css_exceptions' parameter in the vdesk/admincon/webyfiers.php file and the 'sql_matchscope' parameter in the vdesk/admincon/index.php file. Successful exploitation could lead to user data theft or session hijacking.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securitytracker.com/id?1020205
vdb-entryx_refsource_SECTRACK
http://www.vupen.com/english/advisories/2008/1765/references
vdb-entryx_refsource_VUPEN
http://www.securityfocus.com/archive/1/493149/100/0/threaded
mailing-listx_refsource_BUGTRAQ

EPSS Score

13% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.