PT-2006-2366 · F5 · F5 Firepass 4100 Ssl Vpn

Published

2006-03-22

Updated

2018-10-18

CVE-2006-1357

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions F5 Firepass 4100 SSL VPN version 5.4.2

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the s parameter in the my.support.php3 file. This could potentially lead to unauthorized actions on the affected system.

Recommendations For F5 Firepass 4100 SSL VPN version 5.4.2, avoid using the s parameter in the my.support.php3 file until a fix is available. As a temporary workaround, consider restricting access to the my.support.php3 file to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-1357

Affected Products

F5 Firepass 4100 Ssl Vpn

PT-2006-2366 · F5 · F5 Firepass 4100 Ssl Vpn

CVE-2006-1357

Related Identifiers

Affected Products

References · 9