CVE-2013-0150

Published Aug 9, 2013

Last updated a year ago

CVSS info 9.3

Overview

Description: Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and 7.0.0, and other products "when APM is provisioned," allows remote attackers to upload and execute arbitrary files via a .. (dot dot) in the filename parameter.
Source: cret@cert.org
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-22

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "79618AB4-7A8E-4488-8608-57EC2F8681FE",
            "versionEndIncluding": "10.2.4",
            "versionStartIncluding": "10.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "384E40E2-6A1E-41EE-9075-C3D4E4C9DF3D",
            "versionEndIncluding": "11.3.0",
            "versionStartIncluding": "11.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7507BDFF-5B52-4A06-9F8C-2B6F3958162A"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA3E5454-D0E6-4BF9-B95F-A43ECE1A4C66",
            "versionEndIncluding": "11.3.0",
            "versionStartIncluding": "11.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84B339AC-E904-4D62-81B6-61E1899F6855",
            "versionEndIncluding": "10.2.4",
            "versionStartIncluding": "10.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD998E02-0896-4970-8BF7-2D2A3EF3FD7B",
            "versionEndIncluding": "11.3.0",
            "versionStartIncluding": "11.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8347412-DC42-4B86-BF6E-A44A5E1541ED",
            "versionEndIncluding": "10.2.4",
            "versionStartIncluding": "10.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C8942D9D-8E3A-4876-8E93-ED8D201FF546",
            "versionEndIncluding": "11.3.0",
            "versionStartIncluding": "11.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "70E5E739-25AE-4A53-A756-A7189C785AD9",
            "versionEndIncluding": "10.2.4",
            "versionStartIncluding": "10.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC253328-767A-4DC9-85FB-E8E5666B916B",
            "versionEndIncluding": "11.3.0",
            "versionStartIncluding": "11.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6AD005AD-AC65-44D1-8DB0-86B8D7F8ABE3",
            "versionEndIncluding": "10.2.4",
            "versionStartIncluding": "10.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64C91648-A64F-4D8A-9F60-DEE6CA181A87",
            "versionEndIncluding": "11.3.0",
            "versionStartIncluding": "11.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "43A25E12-3EDE-4984-9006-1FBCB1977F2C",
            "versionEndIncluding": "10.2.4",
            "versionStartIncluding": "10.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E675191C-CA97-4F56-949A-DF2180C2C9F0",
            "versionEndIncluding": "11.3.0",
            "versionStartIncluding": "11.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3CA52816-C4B7-4B1E-A950-EE9B571CB06B"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51E532C1-88C1-461F-9563-E74C0DCFBCBD",
            "versionEndIncluding": "10.2.4",
            "versionStartIncluding": "10.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A97C7ACA-7D67-49C1-BA1E-256CD9E337D8",
            "versionEndIncluding": "11.3.0",
            "versionStartIncluding": "11.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D2F00612-6DDC-448F-AF3F-5869A5EDF95B",
            "versionEndIncluding": "10.2.4",
            "versionStartIncluding": "10.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "68BC025A-D45E-45FB-A4E4-1C89320B5BBE",
            "versionEndIncluding": "11.3.0",
            "versionStartIncluding": "11.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "99AC375E-C787-4D10-9062-36548041E343",
            "versionEndIncluding": "10.2.4",
            "versionStartIncluding": "10.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7C75978B-566B-4353-8716-099CB8790EE0",
            "versionEndIncluding": "11.3.0",
            "versionStartIncluding": "11.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:firepass:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "15CE213B-F42C-4C2E-AFBD-852AB049FF8A",
            "versionEndIncluding": "6.1.0",
            "versionStartIncluding": "6.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:firepass:7.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "442D343A-973B-4C33-B99B-1EA2B7670DE5"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References