F5 BIG-IP - BIG-IP Directory Traversal Vulnerability Network Vulnerability

Summary

F5 BIG-IP is prone to a directory traversal vulnerability.

Impact

An attacker with Resource Administrator or Administrator role access to the BIG-IP Configuration utility may be able to delete arbitrary files.

Solution

See the referenced vendor advisory for a solution.

Insight

Multiple directory traversal vulnerabilities in F5 BIG-IP before 10.2.2 allow local users with the 'Resource Administrator' or 'Administrator' role to enumerate and delete arbitrary files via a .. (dot dot) in the name parameter to (1) tmui/Control/jspmap/tmui/system/archive/properties.jsp or (2) tmui/Control/form.

Affected

F5 BIG-IP before 10.2.2

Detection

Check the version.

References

https://support.f5.com/kb/en-us/solutions/public/16000/100/sol16121.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-8727

CVSS	Base Score: 6.2 AV:L/AC:L/Au:S/C:N/I:C/A:C

Related Vulnerabilities

Apple Safari Webcore Webkit 'XSSAuditor.cpp' XSS Vulnerability (Windows)
Adobe Reader 'SWF' Information Disclosure Vulnerability (Windows)
Apple Safari 'background' Remote Denial Of Service Vulnerability
Asterisk Missing ACL Check Remote Security Bypass Vulnerability
Aardvark Topsites Multiple Vulnerabilities

F5 BIG-IP - BIG-IP directory traversal vulnerability

Take action and discover your vulnerabilities