F5 TMOS vulnerabilities

7 known vulnerabilities affecting f5/tmos.

Total CVEs: 7
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2, MEDIUM 4

Vulnerabilities

CVE-2012-1493 | HIGH | CVSS 7.8 | PoC | v2.0, v4.0, +43 more | 2012-07-09
CWE-255: F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier fo
nvd
CVE-2008-6474 | CRITICAL | CVSS 9.0 | v9.4.3 | 2009-03-16
CWE-94: The management interface in F5 BIG-IP 9.4.3 allows remote authenticated users with Resource Manager privileges to inject arbitrary Perl code via unspecified configuration settings related to Perl EP3 with templates, probably triggering static code injection.
nvd
CVE-2008-1503 | MEDIUM | CVSS 4.3 | v9.4.3 | 2008-03-25
CWE-79: Cross-site scripting (XSS) vulnerability in the web management interface in F5 BIG-IP 9.4.3 allows remote attackers to inject arbitrary web script or HTML via (1) the name of a node object, or the (2) sysContact or (3) sysLocation SNMP configuration field, aka "Audit Log XSS." NOTE: these issues might be resultant from cross-site request forgery (CSRF)
nvd
CVE-2008-0265 | MEDIUM | CVSS 4.3 | PoC | v9.4.3 | 2008-01-15
CWE-79: Multiple cross-site scripting (XSS) vulnerabilities in the Search function in the web management interface in F5 BIG-IP 9.4.3 allow remote attackers to inject arbitrary web script or HTML via the SearchString parameter to (1) list_system.jsp, (2) list_pktfilter.jsp, (3) list_ltm.jsp, (4) resources_audit.jsp, and (5) list_asm.jsp in tmui/Control/jspmap/
nvd
CVE-2005-2245 | HIGH | CVSS 7.5 | v9.0.2, v9.0.3, +3 more | 2005-07-12
Unknown vulnerability in F5 BIG-IP 9.0.2 through 9.1 allows attackers to "subvert the authentication of SSL transactions," via unknown attack vectors, possibly involving NATIVE ciphers.
nvd
CVE-2005-0356 | MEDIUM | CVSS 5.0 | PoC | v4.0, v4.2, +16 more | 2005-05-31
Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old.
nvd
CVE-1999-1550 | MEDIUM | CVSS 5.0 | v2.0 | 1999-11-08
bigconf.conf in F5 BIG/ip 2.1.2 and earlier allows remote attackers to read arbitrary files by specifying the target file in the "file" parameter.
nvd