10 matches found
CVE-2011-3188
CVE-2011-3188 affects the Linux kernel prior to 3.1, where IPv4 and IPv6 sequence numbers/Fragment IDs are generated with a modified MD4. This predictable value generation enables remote attackers to cause DoS or hijack sessions by crafting packets. The vulnerability is mitigated by upgrading the...
CVE-2013-3587
CVE-2013-3587 (BREACH) concerns TLS/SSL data compression leaks where compressed HTTPS responses reveal plaintext by observing size differences. The linked documents confirm this is a BREACH-type issue affecting HTTPS with HTTP compression, not tied to a single product. Mitigations documented incl...
CVE-2013-0150
CVE-2013-0150 is a directory-traversal flaw in client-side signed components used by F5 BIG-IP APM (versions 10.1.0–10.2.4, 11.0.0–11.3.0) and FirePass (6.0.0–6.1.0, 7.0.0) when APM is provisioned. The vulnerability allows a remote attacker to upload and execute arbitrary files by supplying a fil...
CVE-2014-2927
F5 BIG-IP ConfigSync rsync vulnerability (CVE-2014-2927) allows unauthenticated remote read/write via the ConfigSync IP in failover mode. Affected: BIG-IP LTM and multiple modules (and Enterprise Manager 3.x) across versions from 11.0.0 up to 11.5.1 (including HF3/HF4 and related revisions) and 3...
CVE-2012-1777
CVE-2012-1777 affects F5 FirePass: SQL injection in the web interface (my.activation.php3) that allows an unauthenticated remote attacker to execute arbitrary SQL through the state parameter. Affected products/versions per the advisory: FirePass 6.0.0–6.1.0 and 7.0.0. The issue is caused by insuf...
CVE-2007-0188
CVE-2007-0188 affects F5 FirePass 5.4 through 5.5.1. Affected component is the host access restriction mechanism when a client uses a single integer (dotless) IP address; this allows remote authenticated users to connect to the FirePass administrator console and certain other network resources. T...
CVE-2013-6024
CVE-2013-6024 affects BIG-IP Edge Client components (BIG-IP APM, Edge Gateway, and FirePass) and allows a local attacker to obtain sensitive information from memory via unspecified vectors. Base CVSS v2.0 score is 4.4 (Medium); exploitation requires local privileges on the client. The issue is li...
CVE-2007-0187
CVE-2007-0187 affects F5 FirePass 5.4–5.5.2 and 6.0. Remote attackers can access restricted URLs by bypassing checks through (1) trailing null byte, (2) multiple leading slashes, (3) Unicode encoding, (4) URL-encoded directory traversal or same-directory chars, or (5) upper-case domain letters. T...
CVE-2012-2053
Summary: CVE-2012-2053 affects F5 FirePass 6.0.0–6.1.0 and 7.0.0, where the sudoers configuration allows passwordless sudo for root, enabling local privilege escalation if an attacker gains OS access (e.g., via a PHP-executing user). The issue is a separate vulnerability from CVE-2012-1777. Root ...
CVE-2007-0195
CVE-2007-0195 affects F5 FirePass 5.4–5.5.1 and 6.0. The issue is that authentication error messages differ between valid and invalid usernames, enabling remote attackers to confirm the existence of LDAP accounts. The connected documents confirm the affected product/versions and the exploitation ...