Lucene search: F5Firepass

10 matches found

CVE
added 2012/05/24 11:55 p.m. | 932 views

CVE-2011-3188

The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predict...

CVSS 9.1 | AI score 8.7 | EPSS 0.03063

CVE
added 2020/02/21 6:15 p.m. | 849 views

CVE-2013-3587

The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesse...

CVSS 5.9 | AI score 5 | EPSS 0.14659

CVE
added 2013/08/09 8:56 p.m. | 59 views

CVE-2013-0150

Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and 7.0.0, and other products "when APM is provisioned," allows remote attackers to upload and execute ...

CVSS 9.3 | AI score 7.6 | EPSS 0.01064

CVE
added 2014/10/15 2:55 p.m. | 52 views

CVE-2014-2927

The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 11.2.1 before HF11 and Enterprise Manager 3.x before 3.1.1 HF2, when configured in failover mode, does not require authentication, which allows remote...

CVSS 9.3 | AI score 6.6 | EPSS 0.07425

CVE
added 2007/01/12 5:4 a.m. | 48 views

CVE-2007-0187

F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to access restricted URLs via (1) a trailing null byte, (2) multiple leading slashes, (3) Unicode encoding, (4) URL-encoded directory traversal or same-directory characters, or (5) upper case letters in the domain name.

CVSS 7.5 | AI score 6.7 | EPSS 0.01165

CVE
added 2007/01/12 5:4 a.m. | 48 views

CVE-2007-0188

F5 FirePass 5.4 through 5.5.1 does not properly enforce host access restrictions when a client uses a single integer (dword) representation of an IP address ("dotless IP address"), which allows remote authenticated users to connect to the FirePass administrator console and certain other network res...

CVSS 6.5 | AI score 6.3 | EPSS 0.00773

CVE
added 2012/04/05 2:55 p.m. | 47 views

CVE-2012-1777

SQL injection vulnerability in my.activation.php3 in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 allows remote attackers to execute arbitrary SQL commands via the state parameter.

CVSS 7.5 | AI score 8.4 | EPSS 0.00983

CVE
added 2012/04/05 2:55 p.m. | 44 views

CVE-2012-2053

The sudoers file in the Linux system configuration in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 does not require a password for executing commands as root, which allows local users to gain privileges via the sudo program, as demonstrated by the user account that executes PHP scripts, a different vu...

CVSS 7.2 | AI score 7 | EPSS 0.00983

CVE
added 2014/02/10 6:15 p.m. | 44 views

CVE-2013-6024

The Edge Client components in F5 BIG-IP APM 10.x, 11.x, 12.x, 13.x, and 14.x, BIG-IP Edge Gateway 10.x and 11.x, and FirePass 7.0.0 allow attackers to obtain sensitive information from process memory via unspecified vectors.

CVSS 4.4 | AI score 6 | EPSS 0.00075

CVE
added 2007/01/12 5:4 a.m. | 40 views

CVE-2007-0195

my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to confirm the validity of an LDAP account.

CVSS 5 | AI score 6.7 | EPSS 0.00675