PT-2007-6906 · F5 · F5 Firepass 4100 Ssl Vpn

Adrian Pastor +1 · Published 2007-11-15 · Updated 2018-10-15 · CVE-2007-5979

CVSS v2.0: 4.3 Medium

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

F5 Firepass 4100 SSL VPN versions 5.4 through 5.5.2
F5 Firepass 4100 SSL VPN versions 6.0 through 6.0.1

Description

A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the backurl parameter in the download plugin.php3 file.

Recommendations

For versions 5.4 through 5.5.2, avoid using the backurl parameter in the download plugin.php3 file until a fix is available. For versions 6.0 through 6.0.1, restrict access to the download plugin.php3 file to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2007-5979

Affected Products

F5 Firepass 4100 Ssl Vpn