XML External Entity Vulnerabilities in F5 BIG-IP Configuration Utility
CVE-2014-6032

Currently unrated

Key Information:

Vendor
F5
Vendor
CVE Published:
1 November 2014

Summary

The F5 BIG-IP Configuration utility is susceptible to multiple XML External Entity (XXE) vulnerabilities, which may allow remote authenticated users to read arbitrary files and potentially cause denial of service through specially crafted requests. The vulnerabilities affect several versions across multiple F5 BIG-IP modules, enabling attackers to exploit the weaknesses via specific XML elements.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.