BIG-IP "echo.jsp" Cross Site Scripting Vulnerability


Description   A cross-site scripting vulnerability has been identified in BIG-IP.
A remote attacker could exploit it by inciting their victim into following a specially crafted URL in order to execute arbitrary HTML/JavaScript code.
This vulnerability is located in "tmui/dashboard/echo.jsp" used for configuration utility.
     
Vulnerable Products   Vulnerable OS:
BIG-IP ASM (F5) - 10.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, ..., 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5BIG-IP GTM (F5) - 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, ..., 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5BIG-IP LTM (F5) - 10.1.0, 10.2.0, 10.2.1, 10.2.1 HF1, 10.2.1 HF2, ..., 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5BIG-IP Link Controller (F5) - 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, ..., 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5BIG-IP WebAccelerator module (F5) - 10.1.0, 10.2.0, 10.2.1, 10.2.1 HF1, 10.2.1 HF2, ..., 11.3.0 HF5, 11.3.0 HF6, 11.3.0 HF7, 11.3.0 HF8, 11.3.0 HF9Enterprise Manager (F5) - 2.1.0, 2.1.0-HF1, 2.1.0-HF2, 2.2.0, 2.2.0-HF1, ..., 3.0.0, 3.1.0, 3.1.1, 3.1.1 HF1, 3.1.1 HF2Vulnerable Software:
     
Solution   F5 has released version 10.2.4 HF12 of the following products which fixes this vulnerability:- BIG-IP LTM- BIG-IP GTM- BIG-IP Link Controller- BIG-IP ASM- BIG-IP WebAccelerator.
     
CVE   CVE-2014-4023
     
References   - Sol15532: XSS vulnerability in echo.jsp CVE-2014-4023
http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15532.html
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
XSS - Prevention - POST : suspicious tag with event found in data
3.2.0
XSS - Prevention - POST : suspicious 'meta' tag found in data
3.2.0
XSS - Prevention - POST : suspicious 'object' tag found in data
3.2.0
XSS - Prevention - POST : suspicious 'applet' tag found in data
3.2.0
XSS - Prevention - POST : 'location' javascript object found in data
3.2.0
XSS - Prevention - POST : javascript code found in data
3.2.0
XSS - Prevention - POST : suspicious 'iframe' tag found in data
3.2.0
XSS - Prevention - POST : code allowing cookie access found in data
3.2.0
XSS - Prevention - POST : suspicious 'img' attribute found in data
3.2.0
XSS - Prevention - POST : suspicious 'embed' tag found in data
3.2.0
XSS - Prevention - POST : suspicious 'style' tag found in data
3.2.0
XSS - Prevention - POST : suspicious 'div' tag found in data
3.2.0
XSS - Prevention - POST : 'script' tag found in data
3.2.0
XSS - Prevention - POST : suspicious 'style' attribute found in data
3.2.0
XSS - Prevention - POST : suspicious 'style' tag found in data
5.0.0
XSS - Prevention - POST : javascript code found in data
5.0.0
XSS - Prevention - POST : suspicious tag with event found in data
5.0.0
XSS - Prevention - POST : suspicious 'embed' tag found in data
5.0.0
XSS - Prevention - POST : 'location' javascript object found in data
5.0.0
XSS - Prevention - POST : code allowing cookie access found in data
5.0.0
XSS - Prevention - POST : 'script' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'style' attribute found in data
5.0.0
XSS - Prevention - POST : suspicious 'applet' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'div' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'img' attribute found in data
5.0.0
XSS - Prevention - POST : suspicious 'meta' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'object' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'iframe' tag found in data
5.0.0
     


 
 
 
 
 Risk level 
Low 

 Vulnerability First Public Report Date 
2014-08-25 

 Target Type 
Server 

 Possible exploit 
Remote