CVE-2008-2637
F5 FirePass 6.0.2.3 - '/vdesk/admincon/index.php?sql_matchscope' Cross-Site Scripting
- Severity Score: 4.3 (CVSS v2)
- Public Exploits: 2 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: - (SSVC)
Descriptions
Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN 6.0.2 hotfix 3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via quotes in (1) the css_exceptions parameter in vdesk/admincon/webyfiers.php and (2) the sql_matchscope parameter in vdesk/admincon/index.php.
Credits: N/A
Timeline
- 2008-06-05 First Exploit
- 2008-06-09 CVE Reserved
- 2008-06-10 CVE Published
- 2024-08-07 CVE Updated
- 2024-11-12 EPSS Updated
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References (9)
URL | Tag | Source |
---|---|---|
http://securityreason.com/securityalert/3931 | Third Party Advisory | |
http://www.securityfocus.com/archive/1/493149/100/0/threaded | Mailing List | |
http://www.securityfocus.com/bid/29574 | Vdb Entry | |
http://www.securitytracker.com/id?1020205 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/42884 | Vdb Entry | |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/31886 | 2008-06-05 | |
https://www.exploit-db.com/exploits/31885 | 2008-06-05 | |
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/30550 | 2018-10-11 | |
http://www.vupen.com/english/advisories/2008/1765/references | 2018-10-11 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
F5 | Firepass Ssl Vpn | 6.0.2 | hotfix_3 | Affected |