BIG-IP Application Security Manager Input Validation Hole in '/dms/policy/rep_request.php' Permits Cross-Site Scripting Attacks
|
|
SecurityTracker Alert ID: 1019276
|
|
SecurityTracker URL: http://securitytracker.com/id?1019276
|
|
CVE Reference: CVE-2008-0539
(Links to External Site)
|
Updated: Feb 17 2008
|
Original Entry Date: Jan 28 2008
|
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
|
Exploit Included: Yes
|
Version(s): 9.4.3; possibly other versions
|
Description: A vulnerability was reported in BIG-IP Application Security Manager. A remote user can conduct cross-site scripting attacks.
The '/dms/policy/rep_request.php' script does not properly filter HTML code from user-supplied input in the 'report_type' parameter
before displaying the input. A remote user can create a specially crafted URL that, when loaded by a target authenticated administrative
user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running
the BIG-IP software and will run in the security context of that site. As a result, the code will be able to access the target
user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target
user via web form to the site, or take actions on the site acting as the target user.
A demonstration exploit URL is provided:
https://[target]/dms/policy/rep_reque
st.php?report_type=%22%3E%3Cbody+onload=alert(%26quot%3BXSS%26quot%3B)%3E%3Cfoo+
nnposter reported this vulnerability.
|
Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the
BIG-IP software, access data recently submitted by the target user via web form to the site, or take actions on the site acting
as the target user.
|
Solution: No solution was available at the time of this entry.
|
Vendor URL: www.f5.com/ (Links to External Site)
|
Cause: Input validation error
|
Reported By: nnposter@disclosed.not
|
Message History:
None.
|
Source Message Contents
|
Date: 26 Jan 2008 04:56:47 -0000
From: nnposter@disclosed.not
Subject: F5 BIG-IP Web Management ASM Security Report XSS
|
F5 BIG-IP Web Management ASM Security Report XSS
Product: F5 BIG-IP Application Security Manager
http://www.f5.com/products/big-ip/product-modules/application-security-manager.html
The F5 BIG-IP ASM web management interface contains a cross-site scripting vulnerability in the Secur
ity Report function. Parameter
report_type in page /dms/policy/rep_request.php is not sanitized before it gets embedded in the HTML
output as a hidden form value.
Example:
https://(target)/dms/policy/rep_request.php?report_type=%22%3E%3Cbody+onload=alert(%26quot%3BXSS%26qu
ot%3B)%3E%3Cfoo+
The vulnerability has been identified in version 9.4.3. However, other versions may be also affected.
Solution:
Administrators should not browse untrusted sites while logged into the BIG-IP web management interfac
e. It is not possible to log
out of the interface so it is important to shut down the browser after the interface is no longer ne
eded. Closing the interface browser
window or removing the BIG-IP cookie is not sufficient.
Found by:
nnposter
|
|
