F5 Networks BIG-IP : GeoIP vulnerability (K23124150)
Medium Nessus Plugin ID 118644
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionCarefully crafted URLs can be used to reflect arbitrary content into GeoIP lookup responses, potentially exposing clients to XSS.
Clients accessing the affected system may be exposed to cross-site scripting (XSS) attacks. This vulnerability does not affect data plane traffic.
BIG-IQ / F5 iWorkflow / Enterprise Manager / ARX / LineRate / Traffix SDC
There is no impact; these F5 products are not affected by this vulnerability.
SolutionUpgrade to one of the non-vulnerable versions listed in the F5 Solution K23124150.