CVE-2009-2119

Name of the Vulnerable Software and Affected Versions F5 FirePass SSL VPN versions 5.5 through 5.5.2 F5 FirePass SSL VPN versions 6.0 through 6.0.3

Description A cross-site scripting (XSS) issue exists in the login interface, specifically in the my.logon.php3 file, allowing remote attackers to inject arbitrary web script or HTML via a base64-encoded xcho parameter.

Recommendations For F5 FirePass SSL VPN versions 5.5 through 5.5.2, update to a version outside of this range to resolve the issue. For F5 FirePass SSL VPN versions 6.0 through 6.0.3, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to the my.logon.php3 file to minimize the risk of exploitation. Avoid using the xcho parameter in the affected login interface until the issue is resolved.