===========================================================================
AUSCERT Security Bulletin

ASB-2011.0055
A vulnerability has been identified in BIG-IP ASM
30 June 2011

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              BIG-IP ASM
Operating System:     Network Appliance
Impact/Access:        Cross-site Scripting -- Remote with User Interaction
Resolution:           Patch/Upgrade
Member content until: Saturday, July 30 2011

OVERVIEW

A vulnerability has been identified in BIG-IP ASM versions 10.1.0
through 10.2.2. [1]

IMPACT

The vendor has provided the following description regarding this issue:

"A cross-site scripting (XSS) vulnerability exists when the BIG-IP ASM
Web Scraping feature is set to Block in the ASM security policy." [1]

MITIGATION

The vendor recommends upgrading to the latest version of BIG-IP ASM. [1]

REFERENCES

[1] sol12953: A Cross-Site Scripting (XSS) vulnerability exists in the
    BIG-IP ASM Web Scraping feature
    http://support.f5.com/kb/en-us/solutions/public/12000/900/sol12953.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================