
CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cross-site scripting (XSS) vulnerability in the tree view (pl_tree.php) feature in Application Security Manager (ASM) in F5 BIG-IP 11.3.0 allows remote attackers to inject arbitrary web script or HTML by accessing a crafted URL during automatic policy generation. • http://secunia.com/advisories/62000 http://www.securityfocus.com/archive/1/534137/100/0/threaded https://support.f5.com/csp/article/K15939 https://support.f5.com/kb/en-us/solutions/public/15000/900/sol15939.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.8 | EPSS: 2% | CPEs: 1 | EXPL: 2

Web Management Console Cross-site request forgery (CSRF) vulnerability in the web management console in F5 BIG-IP 9.4.3 allows remote attackers to hijack the authentication of administrators for requests that create new administrators and execute shell commands, as demonstrated using tmui/Control/form. • https://www.exploit-db.com/exploits/31133 http://osvdb.org/50985 http://www.securityfocus.com/archive/1/487862/100/200/threaded http://www.securityfocus.com/archive/1/487863/100/200/threaded http://www.securityfocus.com/bid/27720 https://exchange.xforce.ibmcloud.com/vulnerabilities/40419 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 7.5 | EPSS: 10% | CPEs: 5 | EXPL: 2

Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header. • https://www.exploit-db.com/exploits/5386 http://securityreason.com/securityalert/3661 http://www.ioactive.com/pdfs/mod_jk2.pdf http://www.ioactive.com/vulnerabilities/mod_jk2LegacyBufferOverflowAdvisory.pdf http://www.kb.cert.org/vuls/id/771937 http://www.securityfocus.com/archive/1/487983/100/100/threaded http://www.securityfocus.com/bid/27752 http://www.vupen.com/english/advisories/2008/0572 https://www.exploit-db.com/exploits/5330 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer