PT-2008-3067 · F5 · F5 Big-Ip

Nnposter

Published

2008-03-25

Updated

2018-10-30

CVE-2008-1503

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions F5 BIG-IP version 9.4.3

Description A cross-site scripting (XSS) issue exists in the web management interface, allowing remote attackers to inject arbitrary web script or HTML via the name of a node object, or the sysContact or sysLocation SNMP configuration fields. This issue might be related to cross-site request forgery (CSRF) vulnerabilities.

Recommendations For F5 BIG-IP version 9.4.3, consider disabling access to the web management interface until a fix is available, and restrict modifications to the node object, sysContact, and sysLocation SNMP configuration fields to minimize the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2008-1503

Affected Products

F5 Big-Ip

PT-2008-3067 · F5 · F5 Big-Ip

CVE-2008-1503

Weakness Enumeration

Related Identifiers

Affected Products

References · 5