F5 BIG-IP Application Security Manager 9.2.3

CPE Details

F5 BIG-IP Application Security Manager 9.2.3
f5
big-ip_application_security_manager
9.2.3
2019-02-27
13h11 +00:00
2019-02-27
13h11 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:f5:big-ip_application_security_manager:9.2.3:*:*:*:*:*:*:*

Informations

Vendor

f5

Product

big-ip_application_security_manager

Version

9.2.3

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2013-3587 2020-02-21 16h11 +00:00 The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929.
5.9
Medium
CVE-2015-4040 2015-09-17 14h00 +00:00 Directory traversal vulnerability in the configuration utility in F5 BIG-IP before 12.0.0 and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to access arbitrary files in the web root via unspecified vectors.
4
CVE-2015-1050 2015-01-15 14h00 +00:00 Cross-site scripting (XSS) vulnerability in F5 BIG-IP Application Security Manager (ASM) before 11.6 allows remote attackers to inject arbitrary web script or HTML via the Response Body field when creating a new user account.
4.3
CVE-2008-0539 2008-02-01 18h41 +00:00 Cross-site scripting (XSS) vulnerability in dms/policy/rep_request.php in F5 BIG-IP Application Security Manager (ASM) 9.4.3 allows remote attackers to inject arbitrary web script or HTML via the report_type parameter.
4.3