Summary
F5 BIG-IP is prone to a directory traversal vulnerability.
Impact
An attacker with Resource Administrator or Administrator role access to the BIG-IP Configuration utility may be able to delete arbitrary files.
Solution
See the referenced vendor advisory for a solution.
Insight
Multiple directory traversal vulnerabilities in F5 BIG-IP before 10.2.2 allow local users with the 'Resource Administrator' or 'Administrator' role to enumerate and delete arbitrary files via a .. (dot dot) in the name parameter
to (1) tmui/Control/jspmap/tmui/system/archive/properties.jsp or (2) tmui/Control/form.
Affected
F5 BIG-IP before 10.2.2
Detection
Check the version.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2014-8727 -
CVSS Base Score: 6.2
AV:L/AC:L/Au:S/C:N/I:C/A:C
Related Vulnerabilities
- Adobe Reader Cross-Site Scripting & Denial of Service Vulnerabilities (Linux)
- Apple Mac OS X Denial of Service Vulnerability
- Apple Safari Webkit Multiple Vulnerabilities - May13 (Mac OS X)
- Apple Safari Multiple Memory Corruption Vulnerabilities-02 Apr14 (Mac OS X)
- Apple Safari libxml Denial of Service Vulnerability