CVE-2008-7032 – F5 BIG-IP 9.4.3 - Web Management Interface Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2008-7032
Cross-site request forgery (CSRF) vulnerability in the web management console in F5 BIG-IP 9.4.3 allows remote attackers to hijack the authentication of administrators for requests that create new administrators and execute shell commands, as demonstrated using tmui/Control/form.
References:
• https://www.exploit-db.com/exploits/31133
• http://osvdb.org/50985
• http://www.securityfocus.com/archive/1/487862/100/200/threaded
• http://www.securityfocus.com/archive/1/487863/100/200/threaded
• http://www.securityfocus.com/bid/27720
• https://exchange.xforce.ibmcloud.com/vulnerabilities/40419
CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2007-6258 – Apache Tomcat Connector jk2-2.0.2 mod_jk2 - Remote Overflow
https://notcve.org/view.php?id=CVE-2007-6258
Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
References:
• https://www.exploit-db.com/exploits/5386
• http://securityreason.com/securityalert/3661
• http://www.ioactive.com/pdfs/mod_jk2.pdf
• http://www.ioactive.com/vulnerabilities/mod_jk2LegacyBufferOverflowAdvisory.pdf
• http://www.kb.cert.org/vuls/id/771937
• http://www.securityfocus.com/archive/1/487983/100/100/threaded
• http://www.securityfocus.com/bid/27752
• http://www.vupen.com/english/advisories/2008/0572
• https://www.exploit-db.com/exploits/5330
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-0539 – F5 BIG-IP Application Security Manager 9.4.3 - 'report_type' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-0539
Cross-site scripting (XSS) vulnerability in dms/policy/rep_request.php in F5 BIG-IP Application Security Manager (ASM) 9.4.3 allows remote attackers to inject arbitrary web script or HTML via the report_type parameter.
References:
• https://www.exploit-db.com/exploits/31065
• http://secunia.com/advisories/28655
• http://securityreason.com/securityalert/3602
• http://www.securityfocus.com/archive/1/487118/100/0/threaded
• http://www.securityfocus.com/archive/1/489290/100/0/threaded
• http://www.securityfocus.com/bid/27462
• http://www.securityfocus.com/bid/28151
• http://www.securitytracker.com/id?1019276
• http://www.vupen.com/english/advisories/2008/0301
• https://exchange.xforce.ibmcloud.com/vulnerabilities/39979
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')