Perl Code Injection Vulnerability in F5 BIG-IP Management Interface
CVE-2008-6474

Currently unrated

Key Information:

Vendor: F5
Status: Tmos
Vendor: CVE Published:; 16 March 2009

Summary

The management interface of F5 BIG-IP version 9.4.3 is vulnerable to a code injection attack that allows remote authenticated users possessing Resource Manager privileges to inject arbitrary Perl code. This vulnerability arises from unspecified configuration settings associated with Perl EP3 templates, potentially enabling attackers to execute malicious code within the system. As a result, it is crucial for users of this version to assess their configuration settings and apply necessary mitigations to safeguard against potential exploitation.

References

http://osvdb.org/51116

vdb-entryx_refsource_OSVDB

http://www.securityfocus.com/bid/28639

vdb-entryx_refsource_BID

http://www.securityfocus.com/archive/1/490496/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Mar 16, 2009
Vulnerability Reserved
Mar 16, 2009