Lucene search
K
F5Firepass

10 matches found

CVE
CVE
added 2012/05/24 11:0 p.m.972 views

CVE-2011-3188

CVE-2011-3188 affects the Linux kernel prior to 3.1, where IPv4 and IPv6 sequence numbers/Fragment IDs are generated with a modified MD4. This predictable value generation enables remote attackers to cause DoS or hijack sessions by crafting packets. The vulnerability is mitigated by upgrading the...

9.1CVSS8.7AI score0.05689EPSS
CVE
CVE
added 2020/02/21 5:11 p.m.911 views

CVE-2013-3587

CVE-2013-3587 (BREACH) concerns TLS/SSL data compression leaks where compressed HTTPS responses reveal plaintext by observing size differences. The linked documents confirm this is a BREACH-type issue affecting HTTPS with HTTP compression, not tied to a single product. Mitigations documented incl...

5.9CVSS5AI score0.06049EPSS
CVE
CVE
added 2013/08/09 6:0 p.m.71 views

CVE-2013-0150

CVE-2013-0150 is a directory-traversal flaw in client-side signed components used by F5 BIG-IP APM (versions 10.1.0–10.2.4, 11.0.0–11.3.0) and FirePass (6.0.0–6.1.0, 7.0.0) when APM is provisioned. The vulnerability allows a remote attacker to upload and execute arbitrary files by supplying a fil...

9.3CVSS7.6AI score0.06316EPSS
CVE
CVE
added 2014/10/15 2:0 p.m.68 views

CVE-2014-2927

F5 BIG-IP ConfigSync rsync vulnerability (CVE-2014-2927) allows unauthenticated remote read/write via the ConfigSync IP in failover mode. Affected: BIG-IP LTM and multiple modules (and Enterprise Manager 3.x) across versions from 11.0.0 up to 11.5.1 (including HF3/HF4 and related revisions) and 3...

9.3CVSS6.6AI score0.0792EPSS
CVE
CVE
added 2012/04/04 10:0 a.m.61 views

CVE-2012-1777

CVE-2012-1777 affects F5 FirePass: SQL injection in the web interface (my.activation.php3) that allows an unauthenticated remote attacker to execute arbitrary SQL through the state parameter. Affected products/versions per the advisory: FirePass 6.0.0–6.1.0 and 7.0.0. The issue is caused by insuf...

7.5CVSS8.4AI score0.02327EPSS
Web
CVE
CVE
added 2007/01/11 2:0 a.m.60 views

CVE-2007-0188

CVE-2007-0188 affects F5 FirePass 5.4 through 5.5.1. Affected component is the host access restriction mechanism when a client uses a single integer (dotless) IP address; this allows remote authenticated users to connect to the FirePass administrator console and certain other network resources. T...

6.5CVSS6.3AI score0.01311EPSS
CVE
CVE
added 2014/02/10 5:0 p.m.60 views

CVE-2013-6024

CVE-2013-6024 affects BIG-IP Edge Client components (BIG-IP APM, Edge Gateway, and FirePass) and allows a local attacker to obtain sensitive information from memory via unspecified vectors. Base CVSS v2.0 score is 4.4 (Medium); exploitation requires local privileges on the client. The issue is li...

4.4CVSS6AI score0.00357EPSS
CVE
CVE
added 2007/01/11 2:0 a.m.59 views

CVE-2007-0187

CVE-2007-0187 affects F5 FirePass 5.4–5.5.2 and 6.0. Remote attackers can access restricted URLs by bypassing checks through (1) trailing null byte, (2) multiple leading slashes, (3) Unicode encoding, (4) URL-encoded directory traversal or same-directory chars, or (5) upper-case domain letters. T...

7.5CVSS6.7AI score0.03618EPSS
CVE
CVE
added 2012/04/04 10:0 a.m.58 views

CVE-2012-2053

Summary: CVE-2012-2053 affects F5 FirePass 6.0.0–6.1.0 and 7.0.0, where the sudoers configuration allows passwordless sudo for root, enabling local privilege escalation if an attacker gains OS access (e.g., via a PHP-executing user). The issue is a separate vulnerability from CVE-2012-1777. Root ...

7.2CVSS7AI score0.0048EPSS
CVE
CVE
added 2007/01/11 2:0 a.m.52 views

CVE-2007-0195

CVE-2007-0195 affects F5 FirePass 5.4–5.5.1 and 6.0. The issue is that authentication error messages differ between valid and invalid usernames, enabling remote attackers to confirm the existence of LDAP accounts. The connected documents confirm the affected product/versions and the exploitation ...

5CVSS6.7AI score0.01442EPSS