XML External Entity Vulnerabilities in F5 BIG-IP Configuration Utility
CVE-2014-6032

Currently unrated

Key Information:

Vendor
F5
Status
Big-ip Protocol Security Module
Vendor
CVE Published:
1 November 2014

Summary

The F5 BIG-IP Configuration utility is susceptible to multiple XML External Entity (XXE) vulnerabilities, which may allow remote authenticated users to read arbitrary files and potentially cause denial of service through specially crafted requests. The vulnerabilities affect several versions across multiple F5 BIG-IP modules, enabling attackers to exploit the weaknesses via specific XML elements.

References

http://www.securitytracker.com/id/1031145
vdb-entryx_refsource_SECTRACK
https://www.portcullis-security.com/security-research-and...
x_refsource_MISC
http://www.securitytracker.com/id/1031144
vdb-entryx_refsource_SECTRACK

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.