Applies To:

Show Versions Show Versions

sol7498: Cross-site scripting vulnerability in download_plugin.php3 page
Security AdvisorySecurity Advisory

Original Publication Date: 06/08/2007
Updated Date: 10/04/2010

Note: Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to SOL4602: Overview of the F5 security vulnerability response policy.

F5 products and versions that have been evaluated for this Security Advisory

Product Affected Not Affected
BIG-IP / 3-DNS None 4.5.x
4.6.x
BIG-IP LTM None 9.x
10.x
BIG-IP GTM None 9.x
10.x
BIG-IP ASM None 9.x
10.x
BIG-IP Link Controller None 9.x
10.x
BIG-IP WebAccelerator None 9.x
10.x
BIG-IP PSM None 9.x
10.x
BIG-IP WAN Optimization None 10.x
BIG-IP APM None 10.x
BIG-IP Edge Gateway None 10.x
BIG-IP SAM None 8.0.0
FirePass 5.4.0 - 5.5.2
6.0.0 - 6.0.1  
5.0.0 - 5.2.1
6.0.2 - 6.0.3
6.1.x
7.x
Enterprise Manager None 1.x
2.x
WANJet None 3.x
4.x
5.x
WebAccelerator None 5.x

A cross-site scripting (XSS) vulnerability exists in the FirePass download_plugin.php3 page, which is accessible prior to authentication. For example:

https://firepass.siterequest.com/download_plugin.php3

The download_plugin.php3 page fails to fully sanitize URL input before the web page content is sent to the browser. It is possible for an attacker to create web pages or emails with URLs that include executable code or other malicious data containing a hyperlink to the vulnerable download_plugin.php3 page on the FirePass controller.

If you follow the hyperlink to the FirePass controller, the affected web page will be returned to your browser with the malicious content. This could result in malicious code execution on the client side, disclosure of sensitive information, or other exploits.

Information about this advisory is available at the following location:

http://www.procheckup.com/Vulnerability_PR07-13.php

F5 Product Development tracked this issue as CR78967 and it was fixed in FirePass version 6.0.2. For information about upgrading, refer to the FirePass Release Notes.

Obtaining and installing patches

If upgrading is not an immediate option, this vulnerability has been fixed in the following hotfixes. You can download these patches from the F5 Downloads site for the following products and versions:

Product Version Hotfix Installation File
FirePass 5.5.0 - 5.5.1 Hotfix HF-60073-78967-1 HF-60073-78967-1-5.5-ALL-0.tar.gz.enc
5.5.2 Cumulative Hotfix 552-9 HF-552-9-5.52-ALL-0.tar.gz.enc
6.0.0 Cumulative Hotfix 600-14 HF-600-14-6.0-ALL-0.tar.gz.enc
6.0.1 Cumulative Hotfix HF-601-3 HF-601-4-6.01-ALL-0.tar.gz.enc

Note: For more information about installing the hotfixes listed above, refer to the readme file on the F5 Downloads site for your version-specific hotfix.

For information about downloading software, refer to SOL167: Downloading software from F5 Networks.

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)