my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to confirm the validity of an LDAP account.
Max CVSS
5.0
EPSS Score
0.91%
Published
2007-01-12
Updated
2008-09-05
F5 FirePass 5.4 through 5.5.1 does not properly enforce host access restrictions when a client uses a single integer (dword) representation of an IP address ("dotless IP address"), which allows remote authenticated users to connect to the FirePass administrator console and certain other network resources.
Max CVSS
6.5
EPSS Score
0.52%
Published
2007-01-12
Updated
2008-09-05
F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to access restricted URLs via (1) a trailing null byte, (2) multiple leading slashes, (3) Unicode encoding, (4) URL-encoded directory traversal or same-directory characters, or (5) upper case letters in the domain name.
Max CVSS
7.5
EPSS Score
1.72%
Published
2007-01-12
Updated
2008-11-15
3 vulnerabilities found