38665 : F5 Firepass SSL VPN download_plugin.php3 backurl Parameter XSS
Printer | http://osvdb.org/38665 | Email This | Edit Vulnerability

Views This Week

Views All Time

759

Info

Last Modified

2 months ago

Percent Complete

25%

Disclosure

Nov 13, 2007

Discovery

Jun 19, 2007

Dates

Exploit

Unknown

Solution

Unknown

This Entry needs help! It is only 25% Complete. Click the edit link above to add more information.

Contributing is fast and easy, and benefits the entire security community.

Keywords

No Keywords

Description

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in download_plugin.php3 in F5 Firepass 4100 SSL VPN 5.4 through 5.5.2 and 6.0 through 6.0.1 allows remote attackers to inject arbitrary web script or HTML via the backurl parameter.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified
OSVDB: Web Related

Products

Unknown or Incomplete

References

Security Tracker: 1018937
CVE ID: 2007-5979 (see also: NVD)
Bugtraq ID: 26412
Secunia Advisory ID: 27647
ISS X-Force ID: 38439
FrSIRT Advisory: ADV-2007-3847
Other Advisory URL: http://www.procheckup.com/Vulnerability_PR07-13.php
Vendor Specific Solution URL: https://support.f5.com/kb/en-us/solutions/public/7000/400/sol7498.html

Manual Testing Notes

Credit