BugTraq
SEC Consult SA-20140828-0 :: F5 BIG-IP Reflected Cross-Site Scripting Aug 28 2014 10:32AM
SEC Consult Vulnerability Lab (research sec-consult com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SEC Consult Vulnerability Lab Security Advisory < 20140828-0 >
=======================================================================
title: Reflected Cross-Site Scripting
product: F5 BIG-IP
vulnerable version: <= 11.5.1
fixed version: > 11.6.0
impact: Medium
CVE number: CVE-2014-4023
homepage: https://f5.com/
found: 2014-07-07
by: Stefan Viehböck
SEC Consult Vulnerability Lab
https://www.sec-consult.com
=======================================================================

Vendor/product description:
- -----------------------------
"The BIG-IP product suite is a system of application delivery services that
work together on the same best-in-class hardware platform or software virtual
instance. From load balancing and service offloading to acceleration and
security, the BIG-IP system delivers agility?and ensures your applications
are fast, secure, and available."

URL: https://f5.com/products/big-ip

Vulnerability overview/description:
- -----------------------------------
BIG-IP suffers from a reflected Cross-Site Scripting vulnerability,
which allow an attacker to steal other users sessions, to impersonate other
users and to gain unauthorized access to the admin interface.

Proof of concept:
- -----------------
The following HTTP request triggers the vulnerability:

POST /tmui/dashboard/echo.jsp HTTP/1.1
Host: BIGIP
Cookie: BIGIPAuthCookie=*VALID_COOKIE*
Content-Length: 29

<script>alert('xss')</script>

The server does not properly encode user supplied information and returns it
to the user resulting in Cross-Site Scripting.

Vulnerable / tested versions:
- -----------------------------
More information can be found at:
https://support.f5.com/kb/en-us/solutions/public/15000/500/sol15532.html

Vendor contact timeline:
- ------------------------
2014-07-08: Sending advisory and proof of concept exploit via encrypted
channel.
2014-07-09: Vendor confirms receipt of advisory. States that fix will be
released in the "next 6 weeks or so"
2014-07-24: Vendor provides CVE: CVE-2014-4023
2014-08-26: Vendor releases fixed version.
2014-08-28: SEC Consult releases a coordinated security advisory.

Solution:
- ---------
Update to the newest version.

More information can be found at:
https://support.f5.com/kb/en-us/solutions/public/15000/500/sol15532.html

Workaround:
- -----------
No workaround available.

Advisory URL:
- -------------
https://www.sec-consult.com/en/Vulnerability-Lab/Advisories.htm

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SEC Consult Vulnerability Lab

SEC Consult
Vienna - Bangkok - Frankfurt/Main - Montreal - Singapore - Vilnius

Headquarter:
Mooslackengasse 17, 1190 Vienna, Austria
Phone: +43 1 8903043 0
Fax: +43 1 8903043 15

Mail: research at sec-consult dot com
Web: https://www.sec-consult.com
Blog: http://blog.sec-consult.com
Twitter: https://twitter.com/sec_consult

Interested in working with the experts of SEC Consult?
Write to career (at) sec-consult (dot) com [email concealed]

EOF Stefan Viehböck / @2014
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJT/wVOAAoJECyFJyAEdlkKq9cIAKX9MEOpw8p9i8KWZXmkBiBr
S3n9YPNk6bbGbm+YfNCvXvtdSTPhh4I1wBY/WYWENpnQrwdiJ3couS5f2/DQzHTP
uCROxpmtxY1bokMS+ZHOPeGECk8RFr03kBZtGrF2cdGLWzBv7l+CnmopS8lnDVsw
44/R5hj3OdZxhD3btFLXss1RPbUDU1vGV9KpDgJmsssS5pzvG9I2T9xGibd0zBIA
WGA5jjGFitfQwDaxvqoocKgmBG2o3nQpdCShlaRiFklVJQYT1J+w/TWA1OOWZmxs
91m6C9fqAqgeIjmFSOE5c/rpiw7MdzH46yUzoVhbqm6wKcngLDDmZDuqPwaqH18=
=RsbU
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus