First published: Tue Jun 10 2008(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN 6.0.2 hotfix 3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via quotes in (1) the css_exceptions parameter in vdesk/admincon/webyfiers.php and (2) the sql_matchscope parameter in vdesk/admincon/index.php.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
F5 FirePass SSL VPN | =6.0.2-hotfix_3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2008-2637 is considered a moderate severity vulnerability due to its potential for cross-site scripting attacks.
To fix CVE-2008-2637, update the F5 FirePass SSL VPN to the latest available version or hotfix that addresses these vulnerabilities.
CVE-2008-2637 affects F5 FirePass SSL VPN version 6.0.2 hotfix 3 and possibly earlier versions.
CVE-2008-2637 can be exploited through cross-site scripting (XSS) that allows remote attackers to inject arbitrary web scripts or HTML.
While no official workaround is provided for CVE-2008-2637, disabling unnecessary features or limiting user input may help mitigate risks until a patch is applied.