SOL8186 - Cross-site scripting vulnerability in Apache mod_imap CVE-2007-5000

2007-12-27T00:00:00
ID SOL8186
Type f5
Reporter f5
Modified 2013-03-19T00:00:00

Description

F5 Product Development has determined the likelihood of exploitation is low for the cross-site scripting (XSS) vulnerability disclosed in CVE-2007-5000. Exploiting this vulnerability would require an administrator of an F5 device to interact with a web page crafted by an attacker. Possible attacks could include recovering that administrator or operator's password to the BIG-IP.

Note: The BIG-IP system ships with the mod_imap module, however the BIG-IP Configuration utility does not use or rely on mod_imap.

Information about this advisory is available at the following location:

<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000>

F5 Product Development tracked this issue as CR59618 and it was fixed in BIG-IP 9.3.0 and 9.4.0. For information about upgrading, refer to the BIG-IP LTM, GTM, ASM, Link Controller, and WebAccelerator release notes.

Workaround

If you are using a vulnerable version and upgrading is not an immediate option, you can disable mod_imap by performing the following procedure:

  1. Log in to the command line.
  2. Change directories to the /config/httpd/conf directory by typing the following command:

cd /config/httpd/conf 3. Open the httpd.conf file with a file editor and comment out the mod_imap entry by inserting # at the beginning of the following line:

LoadModule imap_module modules/mod_imap.so

  1. Save the httpd.conf file.
  2. Restart the httpd daemon by typing the following command:

bigstart restart httpd