9.3
CVE-2013-0150
- EPSS 1.06%
- Published 09.08.2013 20:56:06
- Last modified 11.04.2025 00:51:21
- Source cret@cert.org
Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and 7.0.0, and other products "when APM is provisioned," allows remote attackers to upload and execute arbitrary files via a .. (dot dot) in the filename parameter.
Data is provided by the National Vulnerability Database (NVD)
F5 ≫ Big-ip Access Policy Manager Version >= 10.1.0 <= 10.2.4
F5 ≫ Big-ip Access Policy Manager Version >= 11.0.0 <= 11.3.0
F5 ≫ Big-ip Advanced Firewall Manager Version 11.3.0
F5 ≫ Big-ip Analytics Version >= 11.0.0 <= 11.3.0
F5 ≫ Big-ip Application Security Manager Version >= 10.1.0 <= 10.2.4
F5 ≫ Big-ip Application Security Manager Version >= 11.0.0 <= 11.3.0
F5 ≫ Big-ip Edge Gateway Version >= 10.1.0 <= 10.2.4
F5 ≫ Big-ip Edge Gateway Version >= 11.0.0 <= 11.3.0
F5 ≫ Big-ip Global Traffic Manager Version >= 10.1.0 <= 10.2.4
F5 ≫ Big-ip Global Traffic Manager Version >= 11.0.0 <= 11.3.0
F5 ≫ Big-ip Link Controller Version >= 10.1.0 <= 10.2.4
F5 ≫ Big-ip Link Controller Version >= 11.0.0 <= 11.3.0
F5 ≫ Big-ip Local Traffic Manager Version >= 10.1.0 <= 10.2.4
F5 ≫ Big-ip Local Traffic Manager Version >= 11.0.0 <= 11.3.0
F5 ≫ Big-ip Policy Enforcement Manager Version 11.3.0
F5 ≫ Big-ip Protocol Security Module Version >= 10.1.0 <= 10.2.4
F5 ≫ Big-ip Protocol Security Module Version >= 11.0.0 <= 11.3.0
F5 ≫ Big-ip Wan Optimization Manager Version >= 10.1.0 <= 10.2.4
F5 ≫ Big-ip Wan Optimization Manager Version >= 11.0.0 <= 11.3.0
F5 ≫ Big-ip Webaccelerator Version >= 10.1.0 <= 10.2.4
F5 ≫ Big-ip Webaccelerator Version >= 11.0.0 <= 11.3.0
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 1.06% | 0.767 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 9.3 | 8.6 | 10 | AV:N/AC:M/Au:N/C:C/I:C/A:C |
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.