CVE-2013-3587
https://notcve.org/view.php?id=CVE-2013-3587
The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929. El protocolo HTTPS, como es usado en aplicaciones web no especificadas, puede cifrar datos comprimidos sin ofuscar apropiadamente la longitud de los datos no cifrados, facilitando a atacantes de tipo "man-in-the-middle" obtener valores secretos en texto plano al observar las diferencias de longitud durante una serie de adivinaciones en las que una cadena en una URL de peticiones HTTP coincide potencialmente con una cadena desconocida en un cuerpo de respuesta HTTP, también se conoce como ataque "BREACH", un problema diferente de CVE-2012-4929. • http://breachattack.com http://github.com/meldium/breach-mitigation-rails http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407 http://slashdot.org/story/13/08/05/233216 http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf http://www.kb.cert.org/vuls/id/987798 https://bugzilla.redhat.com/show_bug.cgi?id=995168 https://hackerone.com/reports/254895 https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1%40%3Cdev.httpd.apach • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-4040 – F5 Big-IP 10.2.4 Build 595.0 Hotfix HF3 - Directory Traversal
https://notcve.org/view.php?id=CVE-2015-4040
Directory traversal vulnerability in the configuration utility in F5 BIG-IP before 12.0.0 and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to access arbitrary files in the web root via unspecified vectors. Vulnerabilidad de salto de directorio en la utilidad de configuración en F5 BIG-IP en versiones anteriores a 12.0.0 y Enterprise Manager 3.0.0 hasta la versión 3.1.1, permite a usuarios remotos autenticados acceder a archivos arbitrarios en la raíz web a través de vectores no especificados. F5 BigIP version 10.2.4 Build 595.0 Hotfix HF3 suffers from a path traversal vulnerability. • https://www.exploit-db.com/exploits/38448 http://packetstormsecurity.com/files/133931/F5-BigIP-10.2.4-Build-595.0-HF3-Path-Traversal.html http://www.securitytracker.com/id/1033532 http://www.securitytracker.com/id/1033533 https://support.f5.com/kb/en-us/solutions/public/17000/200/sol17253.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2015-1050
https://notcve.org/view.php?id=CVE-2015-1050
Cross-site scripting (XSS) vulnerability in F5 BIG-IP Application Security Manager (ASM) before 11.6 allows remote attackers to inject arbitrary web script or HTML via the Response Body field when creating a new user account. Vulnerabilidad de XSS en F5 BIG-IP Application Security Manager (ASM) anterior a 11.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del campo Response Body cuando se crea una cuenta de usuario nueva. • http://packetstormsecurity.com/files/129911/F5-BIG-IP-Application-Security-Manager-ASM-XSS.html http://seclists.org/fulldisclosure/2015/Jan/43 http://www.securityfocus.com/archive/1/534459/100/0/threaded http://www.securitytracker.com/id/1031551 https://exchange.xforce.ibmcloud.com/vulnerabilities/99907 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-1493 – F5 BIG-IP - Authentication Bypass (PoC)
https://notcve.org/view.php?id=CVE-2012-1493
F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option. El dispositivo F5 BIG-IP v9.x anteriores a v9.4.8-HF5, v10.x anteriores a v10.2.4, v11.0.x anteriores a v11.0.0-HF2, y v11.1.x anteriores a v11.1.0-HF3, y Enterprise Manager anteriores a v2.1.0-HF2, v2.2.x anteriores a v2.2.0-HF1, y v2.3.x anteriores a v2.3.0-HF3, usa una clave privada SSH en distintas instalaciones de clientes, y no restringe el acceso a la mismas de forma adecuada, lo que facilita a atacantes remotos hacer login SSH a través de la opción PubkeyAuthentication. F5 ships a public/private key pair on BIG-IP appliances that allows passwordless authentication to any other BIG-IP box. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as root. • https://www.exploit-db.com/exploits/19064 https://www.exploit-db.com/exploits/19091 https://www.exploit-db.com/exploits/19099 http://support.f5.com/kb/en-us/solutions/public/13000/600/sol13600.html http://www.theregister.co.uk/2012/06/13/f5_kit_metasploit_exploit https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/ssh/f5_bigip_known_privkey.rb https://www.trustmatta.com/advisories/MATTA-2012-002.txt • CWE-255: Credentials Management Errors •
CVE-2008-0539 – F5 BIG-IP Application Security Manager 9.4.3 - 'report_type' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-0539
Cross-site scripting (XSS) vulnerability in dms/policy/rep_request.php in F5 BIG-IP Application Security Manager (ASM) 9.4.3 allows remote attackers to inject arbitrary web script or HTML via the report_type parameter. Vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en dms/policy/rep_request.php en F5 BIG-IP Application Security Manager (ASM) 9.4.3, permiten a atacantes remotos inyectar web script o HTML de su elección a través del parámetro report_type. • https://www.exploit-db.com/exploits/31065 http://secunia.com/advisories/28655 http://securityreason.com/securityalert/3602 http://www.securityfocus.com/archive/1/487118/100/0/threaded http://www.securityfocus.com/archive/1/489290/100/0/threaded http://www.securityfocus.com/bid/27462 http://www.securityfocus.com/bid/28151 http://www.securitytracker.com/id?1019276 http://www.vupen.com/english/advisories/2008/0301 https://exchange.xforce.ibmcloud.com/vulnerabilities/39979 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •