CVE-2014-8727

Currently unrated

Key Information:

Vendor: F5
Status: Big-ip Local Traffic Manager
Vendor: CVE Published:; 17 November 2014

Summary

Multiple directory traversal vulnerabilities in F5 BIG-IP before 10.2.2 allow local users with the "Resource Administrator" or "Administrator" role to enumerate and delete arbitrary files via a .. (dot dot) in the name parameter to (1) tmui/Control/jspmap/tmui/system/archive/properties.jsp or (2) tmui/Control/form.

References

http://www.securitytracker.com/id/1031216

vdb-entryx_refsource_SECTRACK

http://packetstormsecurity.com/files/129084/F5-BIG-IP-10....

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/98676

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Nov 17, 2014
Vulnerability Reserved
Nov 10, 2014