K8602 : XSS vulnerability viewing logs from the web management interface

Security Advisory Description

Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F5 security vulnerability response policy.

F5 products and versions that have been evaluated for this Security Advisory

A cross-site scripting (XSS) vulnerability in the Logs section of the BIG-IP and Enterprise Manager web management interface may allow for script execution when viewing a log file that contains malicious content. Exploitation of this vulnerability would require an attacker to generate a log entry that contains an embedded link. The embedded link could then be executed if an authenticated web management interface user selected the link while viewing the log file using the web management interface.

To prevent exposure to this vulnerability do not select any unknown or suspicious content when viewing log files using the BIG-IP or Enterprise Manager web management interface. To view log files from the command line, access the device using an SSH client.

Note: Because exploitation of this vulnerability requires an authenticated user, F5 considers this to be a local vulnerability.

F5 Product Development tracked this issue as CR96889, and it was fixed in BIG-IP 10.0.0 and Enterprise Manager 1.8.0. For information about upgrading, refer to the BIG-IP LTM, GTM, ASM, PSM, Link Controller, WebAccelerator or Enterprise Manager release notes.

For additional information about this advisory, refer to the following articles:

• <https://www.securityfocus.com/archive/1/489991&gt;
• <https://vulners.com/cve/CVE-2008-7032&gt;