CVE-2013-5976

Name of the Vulnerable Software and Affected Versions F5 BIG-IP APM versions 10.1.0 through 10.2.4 F5 BIG-IP APM versions 11.1.0 through 11.3.0

Description A cross-site scripting (XSS) issue exists in the access policy logout page, specifically in the logout.inc file. This allows remote attackers to inject arbitrary web script or HTML via the LastMRH Session cookie.

Recommendations For versions 10.1.0 through 10.2.4, update to a version outside of this range to resolve the issue. For versions 11.1.0 through 11.3.0, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to the logout.inc file in the access policy logout page until a patch is available.