SecuriTeam - F5 FirePass Cross-Site Scripting vulnerability

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Ask the Team
Mailing Lists
Advertising Info
Advisories
About SecuriTeam
Blogs

Brought to you by:

Suppliers of:

SecuriTeam in Your Inbox

New vulnerability?
New tool?
Tell us
(Our PGP key).

A Cross-Site Scripting vulnerability in the F5 Networks FirePass SSL VPN controller that allows execution of arbitrary JavaScript code on the computer of a user as if it genuinely originated from the target domain.

Credit:
The information has been provided by Sjoerd Resink.
The original article can be found at: https://www.fox-it.com/nl/nieuws-en-events/nieuws/laatste-nieuws/nieuwsa rtikel/f5-firepass-cross-site-scripting-vulnerability/106

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Protect your website!
Use an External Vulnerability Scanner!
Nothing to install. First report in 1 hour!
www.beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
* F5 Networks FirePass SSL VPN

This vulnerability can be used to execute arbitrary JavaScript code on the computer of a user as if it genuinely originated from the target domain. In order to do this, an attacker would have to lure the user into visiting a specially prepared URL. Pages can be modified in such a way that any data entered into password fields will not only be sent to the F5 FirePass appliance, but also to the attacker. More advanced exploits of XSS also enable attackers to abuse the user's computer as a stepping stone for launching further attacks on the user's internal network.

Patch Availability:
F5 Networks has released Cumulative HotFix-603-3 for FirePass to address this vulnerability. More information about obtaining and installing this patch can be found at:
https://support.f5.com/kb/en-us/solutions/public/10000/100/sol10143.html

Disclosure Timeline:
May 01, 2009 Vulnerability discovered
May 14, 2009 Reported to vendor
May 28, 2009 Fix available

	SugarCRM Online Document Cross-Site Scripting (XSS) Vulnerability
	Skype URI Processing Arbitrary XML File Deletion Vulnerability
	Skype Protocol Handler Datapath Argument Injection Credential Disclosure Vulnerability
	LedgerSMB Multiple Vulnerabilities
	Kaspersky Lab Multiple Products Local Privilege Escalation Vulnerability
	Piwik Cookie Unserialize Vulnerability
	Invision Power Board SQL PHP File Inclusion and SQL Injection
	U.S. Defense Information Systems Agency (DISA) Unix Security Readiness Review (SRR) Vulnerability
	DevIL DICOM Buffer Overflow Vulnerability
	Marvell Driver Multiple Information Element Overflows
	HP Data Protector Express and Single Server Edition (SSE) DoS and Code Execution
	HP Color LaserJet Printers Unauthorized Access to Data and DoS
	KDE KDELibs Remote Array Overrun with Arbitrary Code Execution
	Gimp BMP Image Parsing Integer Overflow Vulnerability
	Avast aswRdr.sys Kernel Pool Corruption and Local Privilege Escalation