OSVDB ID: 86565

Title: F5 FirePass SSL VPN my.activation.cns.php3 refreshURL Parameter Arbitrary Site Redirect

Dates

Disclosure: Oct 20, 2012
Discovery: Unknown
Exploit: Oct 20, 2012
Solution: Unknown

Description

F5 FirePass SSL VPN contains a flaw that allows a remote cross-site redirection attack. This flaw exists because the application does not validate the 'refreshURL' parameter upon submission to the my.activation.cns.php3 script. This could allow a user to create a specially crafted URL that, if clicked, would redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker's choosing. Such attacks are useful because the crafted URL initially appears to be a web page of a trusted site. This could be leveraged to direct an unsuspecting user to a web page containing attacks that target client-side software such as a web browser or document rendering programs.
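Because no fix is listed, use of the redirect can at least be detected in web or proxy access logs. The following is an added example, not code from OSVDB or F5: it flags requests to my.activation.cns.php3 whose refreshURL value names a host outside a trusted set. The log format, the host names and the `/PLACEHOLDER/` path prefix are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

SCRIPT = "my.activation.cns.php3"  # script named in the OSVDB entry
PARAM = "refreshURL"               # parameter named in the OSVDB entry
# Request line of a common/combined-format access log (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def offsite_host(value, trusted):
    """Return the host a refreshURL value redirects to if it is not trusted."""
    try:
        host = (urlsplit(value.strip()).hostname or "").lower()
    except ValueError:
        return "<unparseable>"  # malformed authority: surface it for review
    # No host means a relative path, which stays on the appliance.
    # Scheme-relative values (//host/path) do carry a host and are checked.
    return host if host and host not in trusted else None

def scan(lines, trusted_hosts):
    """Return [(line_number, off-site host)] for requests using the redirect."""
    trusted = {h.lower() for h in trusted_hosts}
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.endswith("/" + SCRIPT):
            continue
        # parse_qs percent-decodes the value, so encoded URLs are caught too.
        for value in parse_qs(target.query).get(PARAM, []):
            host = offsite_host(value, trusted)
            if host:
                hits.append((number, host))
    return hits

# Constructed sample lines; "/PLACEHOLDER/" stands in for the real script path.
SAMPLE_LOG = [
    '198.51.100.7 - - [20/Oct/2012:10:01:02 +0000] "GET /PLACEHOLDER/my.activation.cns.php3?refreshURL=%2FPLACEHOLDER%2Fnext HTTP/1.1" 200 512',
    '198.51.100.9 - - [20/Oct/2012:10:03:44 +0000] "GET /PLACEHOLDER/my.activation.cns.php3?refreshURL=http%3A%2F%2Fphish.example.net%2Flogin HTTP/1.1" 302 0',
    '198.51.100.7 - - [20/Oct/2012:10:05:10 +0000] "GET /PLACEHOLDER/my.activation.cns.php3?refreshURL=https%3A%2F%2Fvpn.example.com%2FPLACEHOLDER%2Fnext HTTP/1.1" 302 0',
    '198.51.100.3 - - [20/Oct/2012:10:06:31 +0000] "GET /PLACEHOLDER/other.php3?refreshURL=http%3A%2F%2Fphish.example.net%2F HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for number, host in scan(SAMPLE_LOG, ["vpn.example.com"]):
        print(f"line {number}: {PARAM} redirects to {host}")
```

The trusted set should list every name under which the appliance itself is reachable, otherwise legitimate absolute URLs will be reported.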

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Solution Unknown
Exploit: Exploit Public
Disclosure: Uncoordinated Disclosure
OSVDB: Web Related, Security Software

Solution

OSVDB is not aware of a solution for this vulnerability.

Products

F5 Networks, Inc.

FirePass SSL VPN

4xxx Series

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/86565