Vulnerability Description
Cross-site scripting (XSS) vulnerability in list.jsp in the Configuration utility in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, GTM, and Link Controller 11.2.1 through 11.5.1, AAM 11.4.0 through 11.5.1, PEM 11.3.0 through 11.5.1, PSM 11.2.1 through 11.4.1, WebAccelerator and WOM 11.2.1 through 11.3.0, and Enterprise Manager 3.0.0 through 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| F5 | BIG-IP Access Policy Manager | 11.2.1 |
| F5 | BIG-IP Advanced Firewall Manager | 11.2.1 |
| F5 | BIG-IP Analytics | 11.2.1 |
| F5 | BIG-IP Application Acceleration Manager | 11.4.0 |
| F5 | BIG-IP Application Security Manager | 11.2.1 |
| F5 | BIG-IP Edge Gateway | 11.2.1 |
| F5 | BIG-IP Global Traffic Manager | 11.2.1 |
| F5 | BIG-IP Link Controller | 11.2.1 |
| F5 | BIG-IP Local Traffic Manager | 11.2.1 |
| F5 | BIG-IP Policy Enforcement Manager | 11.3.0 |
| F5 | BIG-IP Protocol Security Module | 11.2.1 |
| F5 | BIG-IP WAN Optimization Manager | 11.2.1 |
| F5 | BIG-IP WebAccelerator | 11.2.1 |
| F5 | Enterprise Manager | 3.0.0 |
References
- http://secunia.com/advisories/58969
- http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15296.html (Vendor Advisory)
- http://www.securityfocus.com/bid/67771 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1030319 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1030320 (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2014-3959?
CVE-2014-3959 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in list.jsp in the Configuration utility in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, GTM, and Link Controller 11.2.1 through 11.5.1, AAM 11.4.0 through 11.5.1 ...
How severe is CVE-2014-3959?
CVE-2014-3959 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3959?
Check the references section above for vendor advisories and patch information. Affected products include: F5 BIG-IP Access Policy Manager, F5 BIG-IP Advanced Firewall Manager, F5 BIG-IP Analytics, F5 BIG-IP Application Acceleration Manager, F5 BIG-IP Application Security Manager.