Vulnerability CVE-2007-6704

Vulnerability Name:

CVE-2007-6704 (CCN-38785)

Assigned:

2007-11-30

Published:

2007-11-30

Updated:

2018-10-15

Summary:

Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.activation.php3 and (2) my.logon.php3.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
2.2 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Access Complexity (AC): Authentication (Au):
Impact Metrics:	Confidentiality (C): Integrity (I): Availibility (A):

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Access Complexity (AC): Athentication (Au):
Impact Metrics:	Confidentiality (C): Integrity (I): Availibility (A):

Vulnerability Type:

CWE-79

Vulnerability Consequences:

Gain Access

References:

Source: CCN
Type: BugTraq Mailing List, Fri Nov 30 2007 - 04:51:53 CST
PR07-14: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN 'my.activation.php3' server-side script

Source: MITRE
Type: CNA
CVE-2007-6704

Source: CCN
Type: SA27904
F5 FirePass 4100 SSL VPN Cross-Site Scripting Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
27904

Source: SREASON
Type: UNKNOWN
3712

Source: CCN
Type: SECTRACK ID: 1019031
F5 FirePass Input Validation Holes in 'my.logon.php3' and 'my.activation.php3' Permit Cross-Site Scripting Attacks

Source: OSVDB
Type: UNKNOWN
38980

Source: OSVDB
Type: UNKNOWN
38981

Source: CCN
Type: OSVDB ID: 38980
F5 FirePass 4100 SSL VPN my.activation.php3 URL XSS

Source: CCN
Type: OSVDB ID: 38981
F5 FirePass 4100 SSL VPN my.logon.php3 URL XSS

Source: MISC
Type: UNKNOWN
http://www.procheckup.com/Vulnerability_PR07-14.php

Source: MISC
Type: Exploit
http://www.procheckup.com/Vulnerability_PR07-15a.php

Source: BUGTRAQ
Type: UNKNOWN
20071130 PR07-14: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN 'my.activation.php3' server-side script

Source: BUGTRAQ
Type: UNKNOWN
20071130 PR07-15: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN 'my.logon.php3' server-side script

Source: BUGTRAQ
Type: UNKNOWN
20080523 PR07-15: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN 'my.logon.php3' server-side script

Source: BID
Type: UNKNOWN
26659

Source: CCN
Type: BID-26659
F5 Networks FirePass 4100 SSL VPN My.Logon.PHP3 Cross-Site Scripting Vulnerability

Source: BID
Type: UNKNOWN
26661

Source: CCN
Type: BID-26661
F5 Networks FirePass 4100 SSL VPN Download_Plugin.PHP3 Cross-Site Scripting Vulnerability

Source: SECTRACK
Type: UNKNOWN
1019031

Source: XF
Type: UNKNOWN
firepass-myactivation-xss(38785)

Source: XF
Type: UNKNOWN
firepass-myactivation-xss(38785)

Source: XF
Type: UNKNOWN
firepass-mylogonphp3-xss(38795)

Source: CONFIRM
Type: UNKNOWN
https://support.f5.com/kb/en-us/solutions/public/7000/900/SOL7923.html

Source: CCN
Type: F5 Networks, Inc. Web site
F5

Vulnerable Configuration:

Configuration 1:

cpe:/h:f5:firepass_4100:5.4.1:*:*:*:*:*:*:*

OR cpe:/h:f5:firepass_4100:5.4.2:*:*:*:*:*:*:*

OR cpe:/h:f5:firepass_4100:5.4.3:*:*:*:*:*:*:*

OR cpe:/h:f5:firepass_4100:5.4.4:*:*:*:*:*:*:*

OR cpe:/h:f5:firepass_4100:5.4.5:*:*:*:*:*:*:*

OR cpe:/h:f5:firepass_4100:5.4.6:*:*:*:*:*:*:*

OR cpe:/h:f5:firepass_4100:5.4.7:*:*:*:*:*:*:*

OR cpe:/h:f5:firepass_4100:5.4.8:*:*:*:*:*:*:*

OR cpe:/h:f5:firepass_4100:5.4.9:*:*:*:*:*:*:*

OR cpe:/h:f5:firepass_4100:5.5.0:*:*:*:*:*:*:*

OR cpe:/h:f5:firepass_4100:5.5.1:*:*:*:*:*:*:*

OR cpe:/h:f5:firepass_4100:5.5.2:*:*:*:*:*:*:*

OR cpe:/h:f5:firepass_4100:6.0:*:*:*:*:*:*:*

OR cpe:/h:f5:firepass_4100:6.0.1:*:*:*:*:*:*:*

Denotes that component is vulnerable

Vulnerability Name:

CVE-2007-6704 (CCN-38795)

Assigned:

2007-11-30

Published:

2007-11-30

Updated:

2007-11-30

Summary:

F5 Networks FirePass 4100 SSL VPN is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the my.logon.php3 script. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
2.2 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Access Complexity (AC): Authentication (Au):
Impact Metrics:	Confidentiality (C): Integrity (I): Availibility (A):

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Access Complexity (AC): Athentication (Au):
Impact Metrics:	Confidentiality (C): Integrity (I): Availibility (A):