Vulnerability Monitor


CVE-2014-3959


Cross-site scripting (XSS) vulnerability in list.jsp in the Configuration utility in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, GTM, and Link Controller 11.2.1 through 11.5.1, AAM 11.4.0 through 11.5.1, PEM 11.3.0 through 11.5.1, PSM 11.2.1 through 11.4.1, WebAccelerator and WOM 11.2.1 through 11.3.0, and Enterprise Manager 3.0.0 through 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.


Published

2014-06-03T14:55:11.490

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-79

Affected Vendors & Products
Type         Vendor  Product                                  Version/Range  Vulnerable?
Application  f5      big-ip_access_policy_manager             11.2.1         Yes
Application  f5      big-ip_access_policy_manager             11.5.1         Yes
Application  f5      big-ip_advanced_firewall_manager         11.2.1         Yes
Application  f5      big-ip_advanced_firewall_manager         11.5.1         Yes
Application  f5      big-ip_analytics                         11.2.1         Yes
Application  f5      big-ip_analytics                         11.5.1         Yes
Application  f5      big-ip_application_acceleration_manager  11.4.0         Yes
Application  f5      big-ip_application_acceleration_manager  11.5.1         Yes
Application  f5      big-ip_application_security_manager      11.2.1         Yes
Application  f5      big-ip_application_security_manager      11.5.1         Yes
Application  f5      big-ip_edge_gateway                      11.2.1         Yes
Application  f5      big-ip_edge_gateway                      11.3.0         Yes
Application  f5      big-ip_global_traffic_manager            11.2.1         Yes
Application  f5      big-ip_global_traffic_manager            11.5.1         Yes
Application  f5      big-ip_link_controller                   11.2.1         Yes
Application  f5      big-ip_link_controller                   11.5.1         Yes
Application  f5      big-ip_local_traffic_manager             11.2.1         Yes
Application  f5      big-ip_local_traffic_manager             11.5.1         Yes
Application  f5      big-ip_policy_enforcement_manager        11.3.0         Yes
Application  f5      big-ip_policy_enforcement_manager        11.5.1         Yes
Application  f5      big-ip_protocol_security_module          11.2.1         Yes
Application  f5      big-ip_protocol_security_module          11.4.1         Yes
Application  f5      big-ip_wan_optimization_manager          11.2.1         Yes
Application  f5      big-ip_wan_optimization_manager          11.3.0         Yes
Application  f5      big-ip_webaccelerator                    11.2.1         Yes
Application  f5      big-ip_webaccelerator                    11.3.0         Yes
Application  f5      enterprise_manager                       3.0.0          Yes
Application  f5      enterprise_manager                       3.1.1          Yes
