4 matches found
K11797: Pre-logon sequence vulnerability to token spoofing
Security Advisory Description. Note: For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note: Versions that are not listed in this Solution have not been evaluated for...
SOL11797 - Pre-logon sequence vulnerability to token spoofing
A vulnerability exists in the FirePass pre-logon sequence. Under certain conditions, the FirePass controller can accept the output of a pre-logon sequence check that would have been run on a different computer. This vulnerability would allow an attacker to use the pre-logon token from a workstati...
SOL7923 - Cross-site scripting vulnerability in the logon page after enabling a pre-logon sequence - CVE-2007-6704
A cross-site scripting (XSS) vulnerability, CVE-2007-6704, exists in the FirePass logon page when a pre-logon sequence is enabled. The affected FirePass URL fails to fully sanitize URL input before the web page content is sent to the browser. It is possible for an attacker to create web pages,...
SOL7164 - Execution of UNIX shell commands from a URL without authentication
A URL that is accessible without first authenticating to the FirePass controller may be modified to inject UNIX shell commands. Under certain conditions, the commands can then be executed with user-level privileges. Any attacker with access to the FirePass logon page can theoretically launch this...