CVE-2013-0150

critical F5
CVSS v3 Base Score
9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS Score
1.1%
Exploitation probability in 30 days
Top 22% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
C
Integrity
C
Availability
C
Published: August 9, 2013 (4660 days ago)
Last Modified: April 29, 2026
Vendor: F5
Source: NVD

Description

Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and 7.0.0, and other products "when APM is provisioned," allows remote attackers to upload and execute arbitrary files via a .. (dot dot) in the filename parameter.

CWE

CWE-22

Affected Products

f5 big-ip access policy managerf5 big-ip advanced firewall managerf5 big-ip analyticsf5 big-ip application security managerf5 big-ip edge gatewayf5 big-ip global traffic managerf5 big-ip link controllerf5 big-ip local traffic managerf5 big-ip policy enforcement managerf5 big-ip protocol security module

References

🔗 secunia.com 🔗 support.f5.com 🔗 nealpoole.com 🔗 secunia.com 🔗 support.f5.com