Lucene search

K
f5F5F5:K13993
HistorySep 09, 2013 - 12:00 a.m.

K13993 : Cross-site URL redirection attack vulnerability CVE-2009-4017

2013-09-0900:00:00
my.f5.com
45

5.7 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.028 Low

EPSS

Percentile

89.6%

Security Advisory Description

F5 FirePass SSL VPN contains a flaw that allows a remote cross-site redirection attack. This flaw exists because the application does not validate the refreshURL parameter upon submission to themy.activation.cns.php3 script. As a result, a user could create a URL that, when clicked, would redirect a victim from the intended legitimate website to an arbitrary website of the attacker’s choosing. (CVE-2009-4017)
Impact
A remote user can cause the target user’s browser to redirect to an arbitrary URL.

5.7 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.028 Low

EPSS

Percentile

89.6%