Vulnerability Details CVE-2013-0150
Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and 7.0.0, and other products "when APM is provisioned," allows remote attackers to upload and execute arbitrary files via a .. (dot dot) in the filename parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.014
EPSS Ranking 79.4%
CVSS Severity
CVSS v2 Score 9.3
References
- http://secunia.com/advisories/53477
- http://support.f5.com/kb/en-us/solutions/public/14000/400/sol14468.html
- https://nealpoole.com/blog/2013/07/code-execution-via-f5-networks-java-applet/
- http://secunia.com/advisories/53477
- http://support.f5.com/kb/en-us/solutions/public/14000/400/sol14468.html
- https://nealpoole.com/blog/2013/07/code-execution-via-f5-networks-java-applet/
Products affected by CVE-2013-0150
-
cpe:2.3:a:f5:big-ip_access_policy_manager:10.1.0
-
cpe:2.3:a:f5:big-ip_access_policy_manager:10.2.0
-
cpe:2.3:a:f5:big-ip_access_policy_manager:10.2.1
-
cpe:2.3:a:f5:big-ip_access_policy_manager:10.2.2
-
cpe:2.3:a:f5:big-ip_access_policy_manager:10.2.3
-
cpe:2.3:a:f5:big-ip_access_policy_manager:10.2.4
-
cpe:2.3:a:f5:big-ip_access_policy_manager:11.0.0
-
cpe:2.3:a:f5:big-ip_access_policy_manager:11.1.0
-
cpe:2.3:a:f5:big-ip_access_policy_manager:11.2.0
-
cpe:2.3:a:f5:big-ip_access_policy_manager:11.2.1
-
cpe:2.3:a:f5:big-ip_access_policy_manager:11.3.0
-
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.3.0
-
cpe:2.3:a:f5:big-ip_analytics:11.0.0
-
cpe:2.3:a:f5:big-ip_analytics:11.1.0
-
cpe:2.3:a:f5:big-ip_analytics:11.2.0
-
cpe:2.3:a:f5:big-ip_analytics:11.2.1
-
cpe:2.3:a:f5:big-ip_analytics:11.3.0
-
cpe:2.3:a:f5:big-ip_application_security_manager:10.1.0
-
cpe:2.3:a:f5:big-ip_application_security_manager:10.2.0
-
cpe:2.3:a:f5:big-ip_application_security_manager:10.2.1
-
cpe:2.3:a:f5:big-ip_application_security_manager:10.2.2
-
cpe:2.3:a:f5:big-ip_application_security_manager:10.2.3
-
cpe:2.3:a:f5:big-ip_application_security_manager:10.2.4
-
cpe:2.3:a:f5:big-ip_application_security_manager:11.0.0
-
cpe:2.3:a:f5:big-ip_application_security_manager:11.1.0
-
cpe:2.3:a:f5:big-ip_application_security_manager:11.2.0
-
cpe:2.3:a:f5:big-ip_application_security_manager:11.2.1
-
cpe:2.3:a:f5:big-ip_application_security_manager:11.3.0
-
cpe:2.3:a:f5:big-ip_edge_gateway:10.1.0
-
cpe:2.3:a:f5:big-ip_edge_gateway:10.2.0
-
cpe:2.3:a:f5:big-ip_edge_gateway:10.2.1
-
cpe:2.3:a:f5:big-ip_edge_gateway:10.2.2
-
cpe:2.3:a:f5:big-ip_edge_gateway:10.2.3
-
cpe:2.3:a:f5:big-ip_edge_gateway:10.2.4
-
cpe:2.3:a:f5:big-ip_edge_gateway:11.0.0
-
cpe:2.3:a:f5:big-ip_edge_gateway:11.1.0
-
cpe:2.3:a:f5:big-ip_edge_gateway:11.2.0
-
cpe:2.3:a:f5:big-ip_edge_gateway:11.2.1
-
cpe:2.3:a:f5:big-ip_edge_gateway:11.3.0
-
cpe:2.3:a:f5:big-ip_global_traffic_manager:10.1.0
-
cpe:2.3:a:f5:big-ip_global_traffic_manager:10.2.0
-
cpe:2.3:a:f5:big-ip_global_traffic_manager:10.2.1
-
cpe:2.3:a:f5:big-ip_global_traffic_manager:10.2.2
-
cpe:2.3:a:f5:big-ip_global_traffic_manager:10.2.3
-
cpe:2.3:a:f5:big-ip_global_traffic_manager:10.2.4
-
cpe:2.3:a:f5:big-ip_global_traffic_manager:11.0.0
-
cpe:2.3:a:f5:big-ip_global_traffic_manager:11.1.0
-
cpe:2.3:a:f5:big-ip_global_traffic_manager:11.2.0
-
cpe:2.3:a:f5:big-ip_global_traffic_manager:11.2.1
-
cpe:2.3:a:f5:big-ip_global_traffic_manager:11.3.0
-
cpe:2.3:a:f5:big-ip_link_controller:10.1.0
-
cpe:2.3:a:f5:big-ip_link_controller:10.2.0
-
cpe:2.3:a:f5:big-ip_link_controller:10.2.1
-
cpe:2.3:a:f5:big-ip_link_controller:10.2.2
-
cpe:2.3:a:f5:big-ip_link_controller:10.2.3
-
cpe:2.3:a:f5:big-ip_link_controller:10.2.4
-
cpe:2.3:a:f5:big-ip_link_controller:11.0.0
-
cpe:2.3:a:f5:big-ip_link_controller:11.1.0
-
cpe:2.3:a:f5:big-ip_link_controller:11.2.0
-
cpe:2.3:a:f5:big-ip_link_controller:11.2.1
-
cpe:2.3:a:f5:big-ip_link_controller:11.3.0
-
cpe:2.3:a:f5:big-ip_local_traffic_manager:10.1.0
-
cpe:2.3:a:f5:big-ip_local_traffic_manager:10.2.0
-
cpe:2.3:a:f5:big-ip_local_traffic_manager:10.2.1
-
cpe:2.3:a:f5:big-ip_local_traffic_manager:10.2.2
-
cpe:2.3:a:f5:big-ip_local_traffic_manager:10.2.3
-
cpe:2.3:a:f5:big-ip_local_traffic_manager:10.2.4
-
cpe:2.3:a:f5:big-ip_local_traffic_manager:11.0.0
-
cpe:2.3:a:f5:big-ip_local_traffic_manager:11.1.0
-
cpe:2.3:a:f5:big-ip_local_traffic_manager:11.2.0
-
cpe:2.3:a:f5:big-ip_local_traffic_manager:11.2.1
-
cpe:2.3:a:f5:big-ip_local_traffic_manager:11.3.0
-
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.3.0
-
cpe:2.3:a:f5:big-ip_protocol_security_module:10.1.0
-
cpe:2.3:a:f5:big-ip_protocol_security_module:10.2.0
-
cpe:2.3:a:f5:big-ip_protocol_security_module:10.2.1
-
cpe:2.3:a:f5:big-ip_protocol_security_module:10.2.2
-
cpe:2.3:a:f5:big-ip_protocol_security_module:10.2.3
-
cpe:2.3:a:f5:big-ip_protocol_security_module:10.2.4
-
cpe:2.3:a:f5:big-ip_protocol_security_module:11.0.0
-
cpe:2.3:a:f5:big-ip_protocol_security_module:11.1.0
-
cpe:2.3:a:f5:big-ip_protocol_security_module:11.2.0
-
cpe:2.3:a:f5:big-ip_protocol_security_module:11.2.1
-
cpe:2.3:a:f5:big-ip_protocol_security_module:11.3.0
-
cpe:2.3:a:f5:big-ip_wan_optimization_manager:10.1.0
-
cpe:2.3:a:f5:big-ip_wan_optimization_manager:10.2.0
-
cpe:2.3:a:f5:big-ip_wan_optimization_manager:10.2.1
-
cpe:2.3:a:f5:big-ip_wan_optimization_manager:10.2.2
-
cpe:2.3:a:f5:big-ip_wan_optimization_manager:10.2.3
-
cpe:2.3:a:f5:big-ip_wan_optimization_manager:10.2.4
-
cpe:2.3:a:f5:big-ip_wan_optimization_manager:11.0.0
-
cpe:2.3:a:f5:big-ip_wan_optimization_manager:11.1.0
-
cpe:2.3:a:f5:big-ip_wan_optimization_manager:11.2.0
-
cpe:2.3:a:f5:big-ip_wan_optimization_manager:11.2.1
-
cpe:2.3:a:f5:big-ip_wan_optimization_manager:11.3.0
-
cpe:2.3:a:f5:big-ip_webaccelerator:10.1.0
-
cpe:2.3:a:f5:big-ip_webaccelerator:10.2.0
-
cpe:2.3:a:f5:big-ip_webaccelerator:10.2.1
-
cpe:2.3:a:f5:big-ip_webaccelerator:10.2.2
-
cpe:2.3:a:f5:big-ip_webaccelerator:10.2.3
-
cpe:2.3:a:f5:big-ip_webaccelerator:10.2.4
-
cpe:2.3:a:f5:big-ip_webaccelerator:11.0.0
-
cpe:2.3:a:f5:big-ip_webaccelerator:11.1.0
-
cpe:2.3:a:f5:big-ip_webaccelerator:11.2.0
-
cpe:2.3:a:f5:big-ip_webaccelerator:11.2.1
-
cpe:2.3:a:f5:big-ip_webaccelerator:11.3.0
-
cpe:2.3:a:f5:firepass:6.0.0
-
cpe:2.3:a:f5:firepass:6.0.1
-
cpe:2.3:a:f5:firepass:6.0.2
-
cpe:2.3:a:f5:firepass:6.0.3
-
cpe:2.3:a:f5:firepass:6.1.0
-
cpe:2.3:a:f5:firepass:7.0.0