Directory Traversal Vulnerability in F5 BIG-IP APM and FirePass Products
CVE-2013-0150

Currently unrated

Key Information:

Vendor: F5
Status: Big-ip Access Policy Manager
Vendor: CVE Published:; 9 August 2013

Summary

A directory traversal vulnerability exists in a signed Java applet within the client-side components of F5 BIG-IP APM and FirePass products when APM is provisioned. This flaw allows remote attackers to manipulate file paths, potentially enabling them to upload and execute arbitrary files by using the '..' (dot dot) sequence in the filename parameter. Successful exploitation can lead to unauthorized access and execution of malicious code, posing significant risks to the system integrity.

References

https://nealpoole.com/blog/2013/07/code-execution-via-f5-...

x_refsource_MISC

http://support.f5.com/kb/en-us/solutions/public/14000/400...

x_refsource_CONFIRM

http://secunia.com/advisories/53477

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Aug 9, 2013