CVE-2013-0150

F5 BIG-IP APM 10.1.0-10.2.4 and 11.0.0-11.3.0 - Remote Code Execution via Java Applet Filename Parameter

Title source: llm

Description

Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and 7.0.0, and other products "when APM is provisioned," allows remote attackers to upload and execute arbitrary files via a .. (dot dot) in the filename parameter.

References (3)

Core References
Not Applicable, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/53477

Scores

EPSS 0.0106
EPSS Percentile 77.9%

Details

CWE
CWE-22
Status published
Products (14)
f5/big-ip_access_policy_manager 10.1.0 - 10.2.4
f5/big-ip_advanced_firewall_manager 11.3.0
f5/big-ip_analytics 11.0.0 - 11.3.0
f5/big-ip_application_security_manager 10.1.0 - 10.2.4
f5/big-ip_edge_gateway 10.1.0 - 10.2.4
f5/big-ip_global_traffic_manager 10.1.0 - 10.2.4
f5/big-ip_link_controller 10.1.0 - 10.2.4
f5/big-ip_local_traffic_manager 10.1.0 - 10.2.4
f5/big-ip_policy_enforcement_manager 11.3.0
f5/big-ip_protocol_security_module 10.1.0 - 10.2.4
... and 4 more
Published Aug 09, 2013
Tracked Since Feb 18, 2026