Cross-site URL redirection attack vulnerability CVE-2009-4017

2012-11-03T02:18:00
ID F5:K13993
Type f5
Reporter f5
Modified 2017-03-14T22:15:00

Description

F5 Product Development has assigned ID 383337 (FirePass) to this vulnerability. To find out whether F5 has determined that your release is vulnerable, and to obtain information about releases or hotfixes that resolve the vulnerability, refer to the following table:

Product| Versions known to be vulnerable| Versions known to be not vulnerable| Vulnerable component or feature
---|---|---|---
BIG-IP LTM| None| 9.x, 10.x, 11.x| None
BIG-IP GTM| None| 9.x, 10.x, 11.x| None
BIG-IP ASM| None| 9.x, 10.x, 11.x| None
BIG-IP Link Controller| None| 9.x, 10.x, 11.x| None
BIG-IP WebAccelerator| None| 9.x, 10.x, 11.x| None
BIG-IP PSM| None| 9.x, 10.x, 11.x| None
BIG-IP WOM| None| 10.x, 11.x| None
BIG-IP APM| None| 10.x, 11.x| None
BIG-IP Edge Gateway| None| 10.x, 11.x| None
BIG-IP Analytics| None| 11.x| None
BIG-IP AFM| None| 11.x| None
BIG-IP PEM| None| 11.x| None
BIG-IP AAM| None| 11.x| None
FirePass| 6.0.0 - 6.1.0, 7.0.0| 6.1.0 HF-610-9, 7.0.0 HF-70-7| Active user sessions
Enterprise Manager| None| 1.x, 2.x, 3.x| None
ARX| None| 4.x, 5.x, 6.x| None

Upgrade FirePass to the latest hotfix.

F5 would like to acknowledge Aung Khant of YGN Ethical Hacker Group, Myanmar for bringing this issue to our attention, and for following the highest standards of responsible disclosure.