fkie_cve-2007-0187
Vulnerability from fkie_nvd
Published
2007-01-12 05:04
Modified
2025-04-09 00:30
Severity ?
Summary
F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to access restricted URLs via (1) a trailing null byte, (2) multiple leading slashes, (3) Unicode encoding, (4) URL-encoded directory traversal or same-directory characters, or (5) upper case letters in the domain name.
References
cve@mitre.orghttp://archives.neohapsis.com/archives/fulldisclosure/2007-01/0141.html
cve@mitre.orghttp://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051651.html
cve@mitre.orghttp://osvdb.org/39167
cve@mitre.orghttp://secunia.com/advisories/23626
cve@mitre.orghttp://secunia.com/advisories/23640
cve@mitre.orghttp://www.mnin.org/advisories/2007_firepass.pdf
cve@mitre.orghttp://www.securityfocus.com/bid/21957
cve@mitre.orghttps://tech.f5.com/home/solutions/sol6916.html
cve@mitre.orghttps://tech.f5.com/home/solutions/sol6924.html
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0141.html
af854a3a-2127-422b-91ae-364da2661108http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051651.html
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/39167
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/23626
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/23640
af854a3a-2127-422b-91ae-364da2661108http://www.mnin.org/advisories/2007_firepass.pdf
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/21957
af854a3a-2127-422b-91ae-364da2661108https://tech.f5.com/home/solutions/sol6916.html
af854a3a-2127-422b-91ae-364da2661108https://tech.f5.com/home/solutions/sol6924.html
Impacted products
Vendor Product Version
f5 firepass 5.4
f5 firepass 5.4.1
f5 firepass 5.4.2
f5 firepass 5.4.3
f5 firepass 5.4.4
f5 firepass 5.4.5
f5 firepass 5.4.6
f5 firepass 5.4.7
f5 firepass 5.4.8
f5 firepass 5.4.9
f5 firepass 5.5
f5 firepass 5.5.1
f5 firepass 5.5.2
f5 firepass 6.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:f5:firepass:5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D1F4903-B7FB-4F0E-A4F0-5BC813F5BA22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:f5:firepass:5.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD7A44F4-212D-445E-A283-8CC68C7415DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:f5:firepass:5.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BEFC14C-CD35-43BD-BCC9-CD437DAC688D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:f5:firepass:5.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAE893BF-A7DA-4FEC-9290-0FD202EC0D8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:f5:firepass:5.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3347FD7A-49F6-464B-A3DA-4D9DD8B0955C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:f5:firepass:5.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "34DE479A-5D1B-4A21-94AE-D613BA9E6120",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:f5:firepass:5.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9767F21-1539-4313-B2DA-2D368CADDA66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:f5:firepass:5.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0286D438-6F1B-4D91-9A5B-CF12FEDDF427",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:f5:firepass:5.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "0ADF9E53-79F7-4678-A599-20385EEF993C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:f5:firepass:5.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E646309D-AAF0-48D7-B8FF-A57DFAADCF05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:f5:firepass:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "186F19A2-C1F4-4D87-828B-6825B89F9C9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:f5:firepass:5.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "48D051A9-891E-4C1F-904C-058B37F95441",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:f5:firepass:5.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4982DC66-27A6-4A23-A8C7-CF3CC4A5F2BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:f5:firepass:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BDC49A3-D95D-4DDA-AAFD-4C58C7BA5042",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to access restricted URLs via (1) a trailing null byte, (2) multiple leading slashes, (3) Unicode encoding, (4) URL-encoded directory traversal or same-directory characters, or (5) upper case letters in the domain name."
    },
    {
      "lang": "es",
      "value": "F5 FirePass 5.4 hasta 5.5.2 y 6.0 permite a atacantes remotos acceder a URL\u0027s restringidas mediante (1) en un byte nulo al final, (2) m\u00faltiples barras iniciales, (3) codificaci\u00f3n Unicode , (4) curte de directorios URL-encoded \u00f3 caracteres de mismo directorio, \u00f3 (5) letras may\u00fasculas en el nombre de dominio."
    }
  ],
  "id": "CVE-2007-0187",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-01-12T05:04:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0141.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051651.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/39167"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/23626"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/23640"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mnin.org/advisories/2007_firepass.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/21957"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://tech.f5.com/home/solutions/sol6916.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://tech.f5.com/home/solutions/sol6924.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0141.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051651.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/39167"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/23626"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/23640"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mnin.org/advisories/2007_firepass.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/21957"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://tech.f5.com/home/solutions/sol6916.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://tech.f5.com/home/solutions/sol6924.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.