Lucene search

[email protected]CVE-2008-2637

HistoryJun 10, 2008 - 12:32 a.m.

CVE-2008-2637

2008-06-1000:32:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-2637

xss

f5 firepass

ssl vpn

vulnerability

security

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.4%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN 6.0.2 hotfix 3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via quotes in (1) the css_exceptions parameter in vdesk/admincon/webyfiers.php and (2) the sql_matchscope parameter in vdesk/admincon/index.php.

Affected configurations

NVD

Node

f5firepass_ssl_vpnMatch6.0.2hotfix_3

CPENameOperatorVersion
f5:firepass_ssl_vpnf5 firepass ssl vpneq6.0.2

CPE	Name	Operator	Version
f5:firepass_ssl_vpn	f5 firepass ssl vpn	eq	6.0.2

References

secunia.com/advisories/30550

securityreason.com/securityalert/3931

www.securityfocus.com/archive/1/493149/100/0/threaded

www.securityfocus.com/bid/29574

www.securitytracker.com/id?1020205

www.vupen.com/english/advisories/2008/1765/references

exchange.xforce.ibmcloud.com/vulnerabilities/42884

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.4%

JSON

Related for CVE-2008-2637

nvd1 prion1 cvelist1