4 matches found
K6923: LDAP and RADIUS authentication failures can reveal a valid FirePass username
Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of F5...
[SA23626] FirePass URL Restriction Bypass
TITLE: FirePass URL Restriction Bypass; SECUNIA ADVISORY ID: SA23626; VERIFY ADVISORY: http://secunia.com/advisories/23626/; CRITICAL: Moderately critical; IMPACT: Security Bypass; WHERE: From remote; OPERATING SYSTEM: FirePass 6.x http://secunia.com/product/13146/ FirePass 5.x...
SOL6922 - Decimal-encoded IP address circumvents Accessibility Scope
It is possible to bypass the Deny list configured in the Accessibility Scope section of the Portal Access: Web Applications: Master Group Settings page using a URL with a decimal-encoded IP address. When you log in to the FirePass Webtop, you can enter a URL into the Webtop Address Bar if the...
SOL6592 - Cross-Site Scripting vulnerability in the logon page
A cross-site scripting (XSS) vulnerability exists in the FirePass logon page. The affected FirePass logout URL fails to fully sanitize URL input before the web page content is sent to the browser. It is possible for an attacker to create web pages or emails with URLs that include executable code or...