Lucene search
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.F5_BIGIP_SOL17201.NASLHistorySep 01, 2015 - 12:00 a.m.
F5 Networks BIG-IP : Apache HTTP server vulnerability (SOL17201)
2015-09-0100:00:00
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
71
Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) ‘406 Not Acceptable’ or (2) ‘300 Multiple Choices’ HTTP response when the extension is omitted in a request for the file.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from F5 Networks BIG-IP Solution SOL17201.
#
# The text description of this plugin is (C) F5 Networks.
#
include("compat.inc");
if (description)
{
script_id(85708);
script_version("2.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/03/10");
script_cve_id("CVE-2008-0455");
script_bugtraq_id(27409);
script_name(english:"F5 Networks BIG-IP : Apache HTTP server vulnerability (SOL17201)");
script_summary(english:"Checks the BIG-IP version.");
script_set_attribute(
attribute:"synopsis",
value:"The remote device is missing a vendor-supplied security patch."
);
script_set_attribute(
attribute:"description",
value:
"Cross-site scripting (XSS) vulnerability in the mod_negotiation module
in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series,
2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the
1.3.x series allows remote authenticated users to inject arbitrary web
script or HTML by uploading a file with a name containing XSS
sequences and a file extension, which leads to injection within a (1)
'406 Not Acceptable' or (2) '300 Multiple Choices' HTTP response when
the extension is omitted in a request for the file."
);
script_set_attribute(
attribute:"see_also",
value:"https://support.f5.com/csp/article/K17201"
);
script_set_attribute(
attribute:"solution",
value:
"Upgrade to one of the non-vulnerable versions listed in the F5
Solution SOL17201."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(79);
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_acceleration_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_policy_enforcement_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_wan_optimization_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_webaccelerator");
script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");
script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip_protocol_security_manager");
script_set_attribute(attribute:"vuln_publication_date", value:"2008/01/25");
script_set_attribute(attribute:"patch_publication_date", value:"2015/08/31");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/09/01");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"F5 Networks Local Security Checks");
script_dependencies("f5_bigip_detect.nbin");
script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version", "Settings/ParanoidReport");
exit(0);
}
include("f5_func.inc");
if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
version = get_kb_item("Host/BIG-IP/version");
if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP");
if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix");
if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules");
sol = "SOL17201";
vmatrix = make_array();
if (report_paranoia < 2) audit(AUDIT_PARANOID);
# AFM
vmatrix["AFM"] = make_array();
vmatrix["AFM"]["affected" ] = make_list("11.3.0-11.4.1");
vmatrix["AFM"]["unaffected"] = make_list("11.5.0-11.6.0");
# AM
vmatrix["AM"] = make_array();
vmatrix["AM"]["affected" ] = make_list("11.4.0-11.4.1");
vmatrix["AM"]["unaffected"] = make_list("11.5.0-11.6.0");
# APM
vmatrix["APM"] = make_array();
vmatrix["APM"]["affected" ] = make_list("11.0.0-11.4.1","10.1.0-10.2.4");
vmatrix["APM"]["unaffected"] = make_list("11.5.0-11.6.0");
# ASM
vmatrix["ASM"] = make_array();
vmatrix["ASM"]["affected" ] = make_list("11.0.0-11.4.1","10.1.0-10.2.4");
vmatrix["ASM"]["unaffected"] = make_list("11.5.0-11.6.0");
# AVR
vmatrix["AVR"] = make_array();
vmatrix["AVR"]["affected" ] = make_list("11.0.0-11.4.1");
vmatrix["AVR"]["unaffected"] = make_list("11.5.0-11.6.0");
# GTM
vmatrix["GTM"] = make_array();
vmatrix["GTM"]["affected" ] = make_list("11.0.0-11.4.1","10.1.0-10.2.4");
vmatrix["GTM"]["unaffected"] = make_list("11.5.0-11.6.0");
# LC
vmatrix["LC"] = make_array();
vmatrix["LC"]["affected" ] = make_list("11.0.0-11.4.1","10.1.0-10.2.4");
vmatrix["LC"]["unaffected"] = make_list("11.5.0-11.6.0");
# LTM
vmatrix["LTM"] = make_array();
vmatrix["LTM"]["affected" ] = make_list("11.0.0-11.4.1","10.1.0-10.2.4");
vmatrix["LTM"]["unaffected"] = make_list("11.5.0-11.6.0");
# PEM
vmatrix["PEM"] = make_array();
vmatrix["PEM"]["affected" ] = make_list("11.3.0-11.4.1");
vmatrix["PEM"]["unaffected"] = make_list("11.5.0-11.6.0");
if (bigip_is_affected(vmatrix:vmatrix, sol:sol))
{
set_kb_item(name:'www/0/XSS', value:TRUE);
if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = bigip_get_tested_modules();
audit_extra = "For BIG-IP module(s) " + tested + ",";
if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);
else audit(AUDIT_HOST_NOT, "running any of the affected modules");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| f5 | big-ip_access_policy_manager | cpe:/a:f5:big-ip_access_policy_manager | |
| f5 | big-ip_advanced_firewall_manager | cpe:/a:f5:big-ip_advanced_firewall_manager | |
| f5 | big-ip_application_acceleration_manager | cpe:/a:f5:big-ip_application_acceleration_manager | |
| f5 | big-ip_application_security_manager | cpe:/a:f5:big-ip_application_security_manager | |
| f5 | big-ip_application_visibility_and_reporting | cpe:/a:f5:big-ip_application_visibility_and_reporting | |
| f5 | big-ip_global_traffic_manager | cpe:/a:f5:big-ip_global_traffic_manager | |
| f5 | big-ip_link_controller | cpe:/a:f5:big-ip_link_controller | |
| f5 | big-ip_local_traffic_manager | cpe:/a:f5:big-ip_local_traffic_manager | |
| f5 | big-ip_policy_enforcement_manager | cpe:/a:f5:big-ip_policy_enforcement_manager | |
| f5 | big-ip_wan_optimization_manager | cpe:/a:f5:big-ip_wan_optimization_manager |
Related
f5
f5
SOL17201 - Apache HTTP server vulnerability CVE-2008-0455
2015-08-31 00:00:00
K17201 : Apache HTTP server vulnerability CVE-2008-0455
2015-09-01 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2019-01-15 08:51:39
Arbitrary File Upload
2019-05-02 04:45:35
Access Restriction Bypass
2019-05-02 04:43:22
debiancve
debiancve
CVE-2008-0455
2008-01-25 01:00:00
ubuntucve
ubuntucve
CVE-2008-0455
2008-01-25 00:00:00
cvelist
cvelist
CVE-2008-0455
2008-01-25 00:00:00
cve
cve
CVE-2008-0455
2008-01-25 01:00:00
prion
prion
Cross site scripting
2008-01-25 01:00:00
checkpoint_advisories
checkpoint_advisories
httpd
httpd
nessus
nessus
Apache mod_negotiation Multi-Line Filename Upload Vulnerabilities
2011-11-18 00:00:00
CentOS 5 : httpd (CESA-2013:0130)
2013-01-17 00:00:00
CentOS 6 : httpd (CESA-2013:0512)
2013-03-10 00:00:00
openvas
openvas
Apache HTTP Server XSS Vulnerability (Sep 2012) - Linux
2021-11-01 00:00:00
RedHat Update for httpd RHSA-2013:0512-02
2013-02-22 00:00:00
Oracle: Security Advisory (ELSA-2013-0130)
2015-10-06 00:00:00
redhat
redhat
(RHSA-2013:0130) Low: httpd security, bug fix, and enhancement update
2013-01-08 00:00:00
(RHSA-2013:0512) Low: httpd security, bug fix, and enhancement update
2013-02-21 00:00:00
centos
centos
httpd, mod_ssl security update
2013-01-09 20:52:40
httpd, mod_ssl security update
2013-02-27 19:35:19
fedora
fedora
[SECURITY] Fedora 17 Update: httpd-2.2.23-1.fc17
2013-02-12 04:59:23
oraclelinux
oraclelinux
httpd security, bug fix, and enhancement update
2013-01-11 00:00:00
httpd security, bug fix, and enhancement update
2013-02-22 00:00:00
gentoo
gentoo
Apache: Multiple vulnerabilities
2008-03-11 00:00:00
Related for F5_BIGIP_SOL17201.NASL