Internet threat level: 1
Home→Descriptions→SA50561
F5 BIG-IP ASM Traffic Overview Page Script Insertion Vulnerability
| Secunia ID | |
| CVE-ID | |
| Release Date |
11 Sep 2012 |
| Last Change |
03 Oct 2012 |
| Criticality | |
| Solution Status |
Vendor Patch |
| Where | |
| Impact |
Cross-Site ScriptingCross-Site Scripting vulnerabilities allow a third party to manipulate the content or behaviour of a web application in a user's browser, without compromising the underlying system. Different Cross-Site Scripting related vulnerabilities are also classified under this category, including "script insertion" and "cross-site request forgery". Cross-Site Scripting vulnerabilities are often used against specific users of a website to steal their credentials or to conduct spoofing attacks. |
| Description |
Dell SecureWorks has reported a vulnerability in F5 BIG-IP ASM, which can be exploited by malicious people to conduct script insertion attacks. Certain input passed to the traffic overview page is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected device when the malicious data is viewed. The vulnerability is reported in versions 10.0.0 through 11.2.0 HF2. |
| Solution |
Update to a fixed version. See the vendor's advisory for more information. |
| Reported by |
Roger Webyss, Dell SecureWorks. |
| Original Advisory |
F5: Dell SecureWorks: |
© 1997-2013 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.
The authors' opinions do not necessarily reflect the official positions of Kaspersky Lab.