CVE-2012-2975 — MEDIUM (4.3)

Vulnerability Description

Cross-site scripting (XSS) vulnerability in the traffic overview page on the F5 ASM appliance 10.0.0 through 11.2.0 HF2 allows remote attackers to inject arbitrary web script or HTML via crafted requests that are later listed on a summary page.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
F5	Application Security Manager Appliance	10.0.0

Related Weaknesses (CWE)

CWE-79

References

http://www.kb.cert.org/vuls/id/143395US Government Resource
https://support.f5.com/kb/en-us/solutions/public/13000/800/sol13838.html
http://www.kb.cert.org/vuls/id/143395US Government Resource
https://support.f5.com/kb/en-us/solutions/public/13000/800/sol13838.html

FAQ

What is CVE-2012-2975?

CVE-2012-2975 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in the traffic overview page on the F5 ASM appliance 10.0.0 through 11.2.0 HF2 allows remote attackers to inject arbitrary web script or HTML via crafted reque...

How severe is CVE-2012-2975?

CVE-2012-2975 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2012-2975?

Check the references section above for vendor advisories and patch information. Affected products include: F5 Application Security Manager Appliance.