SOL8602 - Cross-site scripting (XSS) vulnerability viewing logs from the web management interface

2008-04-13T00:00:00
ID SOL8602
Type f5
Reporter f5
Modified 2016-07-25T00:00:00

Description

To prevent exposure to this vulnerability, do not select any unknown or suspicious content when viewing log files in the BIG-IP or Enterprise Manager web management interface. To view log files from the command line instead, access the device using an SSH client.

Note: Because exploitation of this vulnerability requires an authenticated user, F5 considers this to be a local vulnerability.

F5 Product Development tracked this issue as CR96889, and it was fixed in BIG-IP 10.0.0 and Enterprise Manager 1.8.0. For information about upgrading, refer to the BIG-IP LTM, GTM, ASM, PSM, Link Controller, WebAccelerator or Enterprise Manager release notes.

For additional information about this advisory, refer to the following articles:

<http://www.securityfocus.com/archive/1/489991>

<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7032>