Vulnerability Name: CVE-2014-3959 (CCN-93636) Assigned: 2014-05-29 Published: 2014-05-29 Updated: 2016-10-19 Summary: Cross-site scripting (XSS) vulnerability in list.jsp in the Configuration utility in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, GTM, and Link Controller 11.2.1 through 11.5.1, AAM 11.4.0 through 11.5.1 PEM 11.3.0 through 11.5.1, PSM 11.2.1 through 11.4.1, WebAccelerator and WOM 11.2.1 through 11.3.0, and Enterprise Manager 3.0.0 through 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): LowAvailibility (A): None
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): PartialAvailibility (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N 3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): PartialAvailibility (A): None
Vulnerability Type: CWE-79 Vulnerability Consequences: Cross-Site Scripting References: Source: MITRECVE-2014-3959 58969 XSS vulnerability in list.jsp http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15296.html 67771 Multiple F5 BIG-IP and Enterprise Manager 'list.jsp' Multiple Cross Site Scripting Vulnerabilities 1030319 1030320 f5-bigip-cve20143959-xss(93636) Vulnerable Configuration: Configuration 1 :cpe:/a:f5:big-ip_access_policy_manager:11.2.1:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_access_policy_manager:11.5.1:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_advanced_firewall_manager:11.2.1:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_advanced_firewall_manager:11.5.1:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_analytics:11.2.1:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_analytics:11.5.1:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_application_acceleration_manager:11.4.0:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_application_acceleration_manager:11.5.1:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_application_security_manager:11.2.1:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_application_security_manager:11.5.1:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_edge_gateway:11.2.1:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_edge_gateway:11.3.0:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_global_traffic_manager:11.2.1:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_global_traffic_manager:11.5.1:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_link_controller:11.2.1:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_link_controller:11.5.1:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_local_traffic_manager:11.2.1:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_local_traffic_manager:11.5.1:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_policy_enforcement_manager:11.3.0:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_policy_enforcement_manager:11.5.1:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_protocol_security_module:11.2.1:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_protocol_security_module:11.4.1:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_wan_optimization_manager:11.2.1:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_wan_optimization_manager:11.3.0:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_webaccelerator:11.2.1:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_webaccelerator:11.3.0:*:*:*:*:*:*:* OR cpe:/a:f5:enterprise_manager:3.0.0:*:*:*:*:*:*:* OR cpe:/a:f5:enterprise_manager:3.1.1:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:f5:big-ip_local_traffic_manager:11.2.1:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_local_traffic_manager:11.5.1:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_application_acceleration_manager:11.4.0:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_application_acceleration_manager:11.5.1:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_advanced_firewall_manager:11.2.1:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_advanced_firewall_manager:11.5.1:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_analytics:11.2.1:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_analytics:11.5.1:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_access_policy_manager:11.2.1:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_access_policy_manager:11.5.1:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_application_security_manager:11.2.1:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_application_security_manager:11.5.1:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_edge_gateway:11.2.1:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_edge_gateway:11.3.0:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_global_traffic_manager:11.2.1:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_global_traffic_manager:11.5.1:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_link_controller:11.2.1:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_link_controller:11.5.1:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_policy_enforcement_manager:11.3.0:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_policy_enforcement_manager:11.5.1:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_protocol_security_module:11.2.1:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_protocol_security_module:11.4.1:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_webaccelerator:11.2.1:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_webaccelerator:11.3.0:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_wan_optimization_manager:11.2.1:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_wan_optimization_manager:11.3.0:*:*:*:*:*:*:* OR cpe:/a:f5:enterprise_manager:3.0.0:*:*:*:*:*:*:* OR cpe:/a:f5:enterprise_manager:3.1.1:*:*:*:*:*:*:* BACK
f5 big-ip access policy manager 11.2.1
f5 big-ip access policy manager 11.5.1
f5 big-ip advanced firewall manager 11.2.1
f5 big-ip advanced firewall manager 11.5.1
f5 big-ip analytics 11.2.1
f5 big-ip analytics 11.5.1
f5 big-ip application acceleration manager 11.4.0
f5 big-ip application acceleration manager 11.5.1
f5 big-ip application security manager 11.2.1
f5 big-ip application security manager 11.5.1
f5 big-ip edge gateway 11.2.1
f5 big-ip edge gateway 11.3.0
f5 big-ip global traffic manager 11.2.1
f5 big-ip global traffic manager 11.5.1
f5 big-ip link controller 11.2.1
f5 big-ip link controller 11.5.1
f5 big-ip local traffic manager 11.2.1
f5 big-ip local traffic manager 11.5.1
f5 big-ip policy enforcement manager 11.3.0
f5 big-ip policy enforcement manager 11.5.1
f5 big-ip protocol security module 11.2.1
f5 big-ip protocol security module 11.4.1
f5 big-ip wan optimization manager 11.2.1
f5 big-ip wan optimization manager 11.3.0
f5 big-ip webaccelerator 11.2.1
f5 big-ip webaccelerator 11.3.0
f5 enterprise manager 3.0.0
f5 enterprise manager 3.1.1
f5 big-ip local traffic manager 11.2.1
f5 big-ip local traffic manager 11.5.1
f5 big-ip application acceleration manager 11.4.0
f5 big-ip application acceleration manager 11.5.1
f5 big-ip advanced firewall manager 11.2.1
f5 big-ip advanced firewall manager 11.5.1
f5 big-ip analytics 11.2.1
f5 big-ip analytics 11.5.1
f5 big-ip access policy manager 11.2.1
f5 big-ip access policy manager 11.5.1
f5 big-ip application security manager 11.2.1
f5 big-ip application security manager 11.5.1
f5 big-ip edge gateway 11.2.1
f5 big-ip edge gateway 11.3.0
f5 big-ip global traffic manager 11.2.1
f5 big-ip global traffic manager 11.5.1
f5 big-ip link controller 11.2.1
f5 big-ip link controller 11.5.1
f5 big-ip policy enforcement manager 11.3.0
f5 big-ip policy enforcement manager 11.5.1
f5 big-ip protocol security module 11.2.1
f5 big-ip protocol security module 11.4.1
f5 big-ip webaccelerator 11.2.1
f5 big-ip webaccelerator 11.3.0
f5 big-ip wan optimization manager 11.2.1
f5 big-ip wan optimization manager 11.3.0
f5 enterprise manager 3.0.0
f5 enterprise manager 3.1.1
Denotes that component is vulnerable