SECURITYVULNS:DOC:31069
Sep 02, 2014

SEC Consult SA-20140828-0 :: F5 BIG-IP Reflected Cross-Site Scripting



SEC Consult Vulnerability Lab Security Advisory < 20140828-0 >

             title: Reflected Cross-Site Scripting
           product: F5 BIG-IP
vulnerable version: <= 11.5.1
     fixed version: > 11.6.0
            impact: Medium
        CVE number: CVE-2014-4023
          homepage: https://f5.com/
             found: 2014-07-07
                by: Stefan Viehbock
                    SEC Consult Vulnerability Lab
                    https://www.sec-consult.com

Vendor/product description:


"The BIG-IP product suite is a system of application delivery services that
work together on the same best-in-class hardware platform or software virtual
instance. From load balancing and service offloading to acceleration and
security, the BIG-IP system delivers agility—and ensures your applications
are fast, secure, and available."

URL: https://f5.com/products/big-ip

Vulnerability overview/description:


BIG-IP suffers from a reflected Cross-Site Scripting vulnerability,
which allows an attacker to steal other users' sessions, to impersonate other
users and to gain unauthorized access to the admin interface.

Proof of concept:


The following HTTP request triggers the vulnerability:

POST /tmui/dashboard/echo.jsp HTTP/1.1
Host: BIGIP
Cookie: BIGIPAuthCookie=VALID_COOKIE
Content-Length: 29

<script>alert('xss')</script>

The server does not properly encode user supplied information and returns it
to the user resulting in Cross-Site Scripting.
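
The missing output encoding and its fix in miniature, as an added example that is not part of the original advisory and not F5's code. The two handler functions and the check are hypothetical stand-ins for an echo endpoint; the input is the request body from the proof of concept above.

```python
import html

# Request body taken from the advisory's proof of concept, reused as test input.
POC_BODY = "<script>alert('xss')</script>"

# Characters that change meaning when written into an HTML response.
HTML_META = set("<>&\"'")


def echo_unencoded(body):
    """Hypothetical echo handler with the flaw described in the advisory:
    the request body is written into an HTML response unchanged."""
    return {"Content-Type": "text/html; charset=utf-8"}, body


def echo_encoded(body):
    """Hypothetical fixed handler: HTML-encode the body before writing it out."""
    headers = {
        "Content-Type": "text/html; charset=utf-8",
        "X-Content-Type-Options": "nosniff",  # defence in depth against MIME sniffing
    }
    return headers, html.escape(body, quote=True)


def reflected_unencoded(sent, response_body):
    """Regression check: True when input containing HTML metacharacters
    comes back verbatim in the response body."""
    return any(c in HTML_META for c in sent) and sent in response_body


if __name__ == "__main__":
    for handler in (echo_unencoded, echo_encoded):
        _, out = handler(POC_BODY)
        print(handler.__name__, reflected_unencoded(POC_BODY, out), out)
```

The same check can serve as a regression test after upgrading: input that contains markup characters must never appear verbatim in a response rendered as HTML.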

Vulnerable / tested versions:


More information can be found at:
https://support.f5.com/kb/en-us/solutions/public/15000/500/sol15532.html

Vendor contact timeline:


2014-07-08: Sending advisory and proof of concept exploit via encrypted
channel.
2014-07-09: Vendor confirms receipt of advisory. States that fix will be
released in the "next 6 weeks or so"
2014-07-24: Vendor provides CVE: CVE-2014-4023
2014-08-26: Vendor releases fixed version.
2014-08-28: SEC Consult releases a coordinated security advisory.

Solution:


Update to the newest version.

More information can be found at:
https://support.f5.com/kb/en-us/solutions/public/15000/500/sol15532.html

Workaround:


No workaround available.

Advisory URL:


https://www.sec-consult.com/en/Vulnerability-Lab/Advisories.htm

SEC Consult Vulnerability Lab

SEC Consult
Vienna - Bangkok - Frankfurt/Main - Montreal - Singapore - Vilnius

Headquarter:
Mooslackengasse 17, 1190 Vienna, Austria
Phone:   +43 1 8903043 0
Fax:     +43 1 8903043 15

Mail: research at sec-consult dot com
Web: https://www.sec-consult.com
Blog: http://blog.sec-consult.com
Twitter: https://twitter.com/sec_consult

Interested in working with the experts of SEC Consult?
Write to [email protected]

EOF Stefan Viehbock / @2014
