SOL6075 - Cross-Site Scripting Vulnerability - Secunia Advisory SA19337

2006-03-28T00:00:00
ID SOL6075
Type f5
Reporter f5
Modified 2015-03-10T00:00:00

Description

For information about the vulnerability described in this security advisory, refer to the following website locations:

http://www.securityfocus.com/archive/1/428318/30/0/threaded

http://secunia.com/advisories/19337/

http://www.frsirt.com/english/advisories/2006/1036

These vulnerabilities allow JavaScript to be injected through carefully crafted URLs, which can send unsuspecting users to malicious sites. The affected FirePass pages fail to fully sanitize URL input before sending it to the user.

F5 Networks tracked this issue as CR60073, CR60938, and CR60420, and it was fixed in FirePass versions 5.5.2 and 6.0.0. For information about upgrading, refer to the FirePass Release Notes.

Obtaining and installing patches

Additionally, a hotfix has been issued for FirePass versions 5.4.1 through 5.5.1. You can download patches from the F5 Networks Downloads site for the following products and versions:

Product | Version | Hotfix | Installation File
---|---|---|---
FirePass | 5.4.1 | hotfix-60073 | HF-60073-60420-2-5.41-ALL-0.tar.gz.enc
FirePass | 5.4.2 | hotfix-60420 | HF-60420-1-5.42-ALL-0.tar.gz.enc
FirePass | 5.5 | HF-60073-78967-1 | HF-60073-78967-1-5.5-ALL-0.tar.gz.enc
FirePass | 5.5.1 | HF-60073-78967-1 | HF-60073-78967-1-5.51-ALL-0.tar.gz.enc

For information about downloading software, refer to SOL167: Downloading software from F5 Networks.

For information about installing hotfixes on your FirePass, refer to SOL3430: Obtaining and installing hotfixes.