CVE-2014-3959

Currently unrated

Key Information:

Vendor: F5
Status: Big-ip Protocol Security Module; Big-ip Advanced Firewall Manager; Big-ip Edge Gateway; Big-ip Local Traffic Manager
Vendor: CVE Published:; 3 June 2014

Summary

Cross-site scripting (XSS) vulnerability in list.jsp in the Configuration utility in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, GTM, and Link Controller 11.2.1 through 11.5.1, AAM 11.4.0 through 11.5.1 PEM 11.3.0 through 11.5.1, PSM 11.2.1 through 11.4.1, WebAccelerator and WOM 11.2.1 through 11.3.0, and Enterprise Manager 3.0.0 through 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

References

http://secunia.com/advisories/58969

third-party-advisoryx_refsource_SECUNIA

http://www.securitytracker.com/id/1030319

vdb-entryx_refsource_SECTRACK

http://support.f5.com/kb/en-us/solutions/public/15000/200...

x_refsource_CONFIRM

Timeline

Vulnerability published
Jun 3, 2014
Vulnerability Reserved
Jun 3, 2014