AskF5 | Security Advisory: SOL11795 - Pre-logon sequence vulnerability to Cross-Site Scripting

AskF5 Knowledge Base

Applies To:

Show Versions

BIG-IP LTM

10.2.1, 10.2.0, 10.1.0, 10.0.1, 10.0.0, 9.6.1, 9.6.0, 9.4.8, 9.4.7, 9.4.6, 9.4.5, 9.4.4, 9.4.3, 9.4.2, 9.4.1, 9.4.0, 9.3.1, 9.3.0, 9.2.5, 9.2.4, 9.2.3, 9.2.2, 9.2.0, 9.1.3, 9.1.2, 9.1.1, 9.1.0, 9.0.5, 9.0.4, 9.0.3, 9.0.2, 9.0.1, 9.0.0

BIG-IP ASM

10.2.1, 10.2.0, 10.1.0, 10.0.1, 10.0.0, 9.4.8, 9.4.7, 9.4.6, 9.4.5, 9.4.4, 9.4.3, 9.4.2, 9.4.1, 9.4.0, 9.3.1, 9.3.0, 9.2.5, 9.2.4, 9.2.3, 9.2.2, 9.2.0

BIG-IP GTM

10.2.1, 10.2.0, 10.1.0, 10.0.1, 10.0.0, 9.4.8, 9.4.7, 9.4.6, 9.4.5, 9.4.4, 9.4.3, 9.4.2, 9.4.1, 9.4.0, 9.3.1, 9.3.0, 9.2.5, 9.2.4, 9.2.3, 9.2.2

BIG-IP PSM

10.2.1, 10.2.0, 10.1.0, 10.0.1, 10.0.0, 9.4.8, 9.4.7, 9.4.6, 9.4.5

BIG-IP WebAccelerator

10.2.1, 10.2.0, 10.1.0, 10.0.1, 10.0.0, 9.4.8, 9.4.7, 9.4.6, 9.4.5, 9.4.4, 9.4.3, 9.4.2, 9.4.1, 9.4.0

BIG-IP APM

10.2.1, 10.2.0, 10.1.0

BIG-IP SAM

8.0.0

BIG-IP WOM

10.2.1, 10.2.0, 10.1.0, 10.0.1, 10.0.0

BIG-IP Edge Gateway

10.2.1, 10.2.0, 10.1.0

Web Accelerator 5.x

5.3.1, 5.2.0, 5.1.5, 5.1.0

FirePass

7.0.0, 6.1.0, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.5.2, 5.5.1, 5.5.0, 5.4.2, 5.4.1, 5.4.0, 5.2.2, 5.2.1, 5.2.0, 5.0.0, 5.0 FP1-3, 4.1.1, 4.1.0, 4.0.2, 4.0.1, 4.0.0, 3.1.0

ARX

5.3.1, 5.2.2, 5.2.0, 5.1.9, 5.1.7, 5.1.5, 5.1.0, 5.0.6, 5.0.5, 5.0.1, 5.0.0, 4.1.3, 4.1.1, 4.1.0, 4.0.1, 3.2.3, 3.2.2, 3.2.1, 2.7.1, 2.7.0

Data Manager

2.6.1, 2.6.0, 2.5.1, 2.5.0, 2.0.2, 2.0.1

sol11795: Pre-logon sequence vulnerability to Cross-Site Scripting

Security Advisory

Original Publication Date: 07/08/2010
Updated Date: 05/11/2011

Note: Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to SOL4602: Overview of F5 security vulnerability response policy.

F5 products and versions that have been evaluated for this Security Advisory

Product	Affected	Not Affected
BIG-IP LTM	None	9.x 10.x
BIG-IP GTM	None	9.x 10.x
BIG-IP ASM	None	9.x 10.x
BIG-IP Link Controller	None	9.x 10.x
BIG-IP WebAccelerator	None	9.x 10.x
BIG-IP PSM	None	9.x 10.x
BIG-IP WAN Optimization	None	10.x
BIG-IP APM	None	10.x
BIG-IP Edge Gateway	None	10.x
BIG-IP SAM	None	8.0
FirePass	5.x 6.x	7.x
Enterprise Manager	None	1.x 2.x
WANJet	None	4.x 5.x
WebAccelerator	None	5.x
ARX	None	2.x 3.x 4.x 5.x

Vulnerability description and product information

Cross-site scripting (XSS) vulnerabilities exist in the FirePass pre-logon pages, which are accessible prior to authentication. The affected FirePass pages fail to fully sanitize HTTP request input before the web page content is sent to the browser. By altering the HTTP request input via the posted data, a remote attacker can potentially compromise the security of the FirePass controller.

It is possible for a remote attacker to create web pages, emails, or other media containing hyperlinks to the vulnerable FirePass web page. These hyperlinks may include executable code or other malicious data. Following one of these hyperlinks to the FirePass controller could result in malicious code execution on the client side, disclosure of sensitive information, or other exploits.

F5 Product Development tracked this issue as CR141911 and CR142333 and it was fixed in FirePass 7.0.0. For information about upgrading, refer to the FirePass release notes.

Additionally, this issue was fixed in cumulative hotfix HF-610-3-1 issued for FirePass version 6.1.0 and hotfix-116015-142333 for FirePass version 5.5.2. You may download this hotfix or later versions of the hotfix from the F5 Downloads site.

For instructions about obtaining a hotfix, refer to SOL167: Downloading software from F5.

For instructions about installing a hotfix, refer to SOL3430: Installing FirePass hotfixes.

Was this resource helpful in solving your issue?

Yes - this resource was helpful
No - this resource was not helpful
I don‘t know yet

NOTE: Please do not provide personal information.

Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)

Reload Audio Image Help