SOL15532 - XSS vulnerability in echo.jsp CVE-2014-4023


Vulnerability Recommended Actions

If the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.

To mitigate this vulnerability, you can limit Configuration utility access to a trusted management network.

Acknowledgements

F5 would like to acknowledge Stefan Viehböck of SEC Consult Vulnerability Lab for bringing this issue to our attention, and for following the highest standards of responsible disclosure.

Supplemental Information

* SOL9970: Subscribing to email notifications regarding F5 products
* SOL9957: Creating a custom RSS feed to view new and updated documents
* SOL4602: Overview of the F5 security vulnerability response policy
* SOL4918: Overview of the F5 critical issue hotfix policy
* SOL167: Downloading software and firmware from F5
* SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)
* SOL10025: Managing BIG-IP product hotfixes (10.x)
* SOL9502: BIG-IP hotfix matrix

Affected Software

| Name | Version |
| --- | --- |
| big-ip apm | 10.2.4 |
| big-ip gtm | 11.5.1 |
| big-ip analytics | 11.5.1 |
| big-ip edge gateway | 11.3.0 |
| big-ip apm | 11.5.1 |
| big-ip pem | 11.5.1 |
| big-ip webaccelerator | 11.3.0 |
| big-ip wom | 10.2.4 |
| big-ip webaccelerator | 10.2.4 |
| big-ip psm | 11.4.1 |
| enterprise manager | 2.3.0 |
| big-ip gtm | 10.2.4 |
| big-ip aam | 11.5.1 |
| big-ip edge gateway | 10.2.4 |
| big-ip ltm | 10.2.4 |
| big-ip link controller | 11.5.1 |
| big-ip asm | 10.2.4 |
| big-ip psm | 10.2.4 |
| enterprise manager | 3.1.1 |
| big-ip ltm | 11.5.1 |
| big-ip afm | 11.5.1 |
| big-ip asm | 11.5.1 |
| big-ip wom | 11.3.0 |
| big-ip link controller | 10.2.4 |