CVE-2013-0150

CWE-22 — Path Traversal4 documents4 sources

Severity

9.3CRITICAL

EPSS

1.1%

top 22.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Big-ip Access Policy Manager F5 Big-ip Analytics F5 Big-ip Application Security Manager +10 more

Timeline

PublishedAug 9

Latest updateMay 5

Description

Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and 7.0.0, and other products "when APM is provisioned," allows remote attackers to upload and execute arbitrary files via a .. (dot dot) in the filename parameter.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages13 packages

▶NVDf5/firepass6.0.0 — 6.1.0+1

▶NVDf5/big-ip_analytics11.0.0 — 11.3.0

▶NVDf5/big-ip_edge_gateway10.1.0 — 10.2.4+1

▶NVDf5/big-ip_webaccelerator10.1.0 — 10.2.4+1

▶NVDf5/big-ip_link_controller10.1.0 — 10.2.4+1

🔴Vulnerability Details

GHSA

GHSA-wxch-2vvj-p58q: Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10↗2022-05-05

▶

OSV

qemu, qemu-kvm vulnerabilities↗2014-04-28

▶

CVEList

CVE-2013-0150: Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10↗2013-08-09

▶