Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT Security Bulletin
ASB-2011.0055
A vulnerability has been identified in BIG-IP ASM
30 June 2011
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: BIG-IP ASM
Operating System: Network Appliance
Impact/Access: Cross-site Scripting -- Remote with User Interaction
Resolution: Patch/Upgrade
Member content until: Saturday, July 30 2011
OVERVIEW
A vulnerability has been identified in BIG-IP ASM versions 10.1.0
through 10.2.2. [1]
IMPACT
The vendor has provided the following description regarding this
issue:
"A cross-site scripting (XSS) vulnerability exists when the BIG-IP ASM
Web Scraping feature is set to Block in the ASM security policy." [1]
MITIGATION
The vendor recommends upgrading to the latest version of BIG-UP
ASM. [1]
REFERENCES
[1] sol12953: A Cross-Site Scripting (XSS) vulnerability exists in the
BIG-IP ASM Web Scraping feature
http://support.f5.com/kb/en-us/solutions/public/12000/900/sol12953.html
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBTgvs+e4yVqjM2NGpAQL1wRAAmtRBQo7dlb/YGTKnsC+nbFqHDbQ+ARXY
EJT74pu+JIWwVE8p7tD+CVEopBDtpeV/SvTJpTDXYtI+lp1VuxEwMxDWEkjB5kEH
o37TM5bOqyNd6+I5LKthpnRdhrLL5hcf4s7HSofWOf2CVRM+6a+CfUhxxkbjwy+N
2PbArkkgkB7cjQb9wJ2xHPCHEUaeATa5G/Lv/4D8jRw+Zk0Bf+mZiZQiJUehEJzP
HobafzV2hqonaec9hRCKDybe3lhW6iG2N4JBn0VUnNsJGP2/4Y5xAy/Bg9FJsjoC
TOsVkBiCFYuSO+x+zIQ9VQfCJDIs0EaCm9kO0cDjGp1zQ/1rAsLFk3NjtbVcBNpF
QE++eaTh87Rh06JhEQUujVk80y5Ldwnuxw+J48sYMxvZBBNfv5FFV5Tb0XlL5e82
gps5l21Hw8BM122glfE0r1cwTVgHeH6NJra2eDr3K/KxpWkmKTy3V97epgLJiRdN
gDKCNUDz4ahxX3t7F5BVXEld3ILLoTZQJvaSXVMN4l8NPfzvclpvdPVqLcDS+j0m
X518azsu0PxBwD2EzXnQQjwpQ17fFkXCZc2pZnMaOOpOahgK+Swk49odMVYJq6tt
Y8yLEKTI+orDb2dsA5KVDyNIY/4F8Dh7/NlM57+Kh/CxaxBpI6zCXWdij2rDLcZp
iG+GSDau7Ms=
=4UR7
-----END PGP SIGNATURE-----