CVE-2013-0150
CVSS score: 9.3
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Exploitability: 8.6 / Impact: 10.0
Source: NVD
Description
Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and 7.0.0, and other products "when APM is provisioned," allows remote attackers to upload and execute arbitrary files via a .. (dot dot) in the filename parameter.
Affected (23)
Products: F5: BIG-IP Access Policy Manager, BIG-IP Advanced Firewall Manager, BIG-IP Analytics, BIG-IP Application Security Manager, BIG-IP Edge Gateway, BIG-IP Global Traffic Manager, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Enforcement Manager, BIG-IP Protocol Security Module, BIG-IP WAN Optimization Manager, BIG-IP WebAccelerator, FirePass
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| | From 10.1.0 to 10.2.4 |
| | Version 11.3.0 |
| | From 11.0.0 to 11.3.0 |
| | From 10.1.0 to 10.2.4 |
| | From 10.1.0 to 10.2.4 |
| | From 10.1.0 to 10.2.4 |
| | From 10.1.0 to 10.2.4 |
| | From 10.1.0 to 10.2.4 |
| | Version 11.3.0 |
| | From 10.1.0 to 10.2.4 |
| | From 10.1.0 to 10.2.4 |
| | From 10.1.0 to 10.2.4 |
| | From 6.0.0 to 6.1.0 |
References (6)
Source: cret@cert.org
Vendor Advisory
Source: cret@cert.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable, Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory