CVE-2007-6704

F5 FirePass 4100 SSL VPN <6.0.1 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.activation.php3 and (2) my.logon.php3.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Richard Brain · htmlremotehardware

https://www.exploit-db.com/exploits/30833

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Adrian Pastor · textremotehardware

https://www.exploit-db.com/exploits/30834

View Code ZIP pw:eip

References (15)

Core 15

Core References

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/3712

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/492511/100/0/threaded

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/27904

Various Sources x_refsource_misc

http://www.procheckup.com/Vulnerability_PR07-14.php

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/38981

Vendor Advisory x_refsource_confirm

https://support.f5.com/kb/en-us/solutions/public/7000/900/SOL7923.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/38785

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/26659

Exploit x_refsource_misc

http://www.procheckup.com/Vulnerability_PR07-15a.php

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/38795

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/484411/100/0/threaded

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/38980

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1019031

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/26661

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/484413/100/0/threaded

Scores

EPSS 0.0708

EPSS Percentile 91.5%

Details

CWE

CWE-79

Status published

Products (14)

f5/firepass_4100 5.4.1

f5/firepass_4100 5.4.2

f5/firepass_4100 5.4.3

f5/firepass_4100 5.4.4

f5/firepass_4100 5.4.5

f5/firepass_4100 5.4.6

f5/firepass_4100 5.4.7

f5/firepass_4100 5.4.8

f5/firepass_4100 5.4.9

f5/firepass_4100 5.5.0

... and 4 more

Published Mar 05, 2008

Tracked Since Feb 18, 2026