CVE-2012-2997

2014-01-2118:55:03

CWE-200

certcc

web.nvd.nist.gov

cve-2012-2997

f5 big-ip

xxe vulnerability

xml external entity

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

6.2

Confidence

Low

EPSS

0.012

Percentile

85.7%

JSON

XML External Entity (XXE) vulnerability in sam/admin/vpe2/public/php/server.php in F5 BIG-IP 10.0.0 through 10.2.4 and 11.0.0 through 11.2.1 allows remote authenticated users to read arbitrary files via a crafted XML file.

Affected configurations

Nvd

Node

f5big-ip_configuration_utilityMatch10.0.0

f5big-ip_configuration_utilityMatch10.2.4

f5big-ip_configuration_utilityMatch11.0.0

f5big-ip_configuration_utilityMatch11.2.1

VendorProductVersionCPE
f5big-ip_configuration_utility10.0.0cpe:2.3:a:f5:big-ip_configuration_utility:10.0.0:*:*:*:*:*:*:*
f5big-ip_configuration_utility10.2.4cpe:2.3:a:f5:big-ip_configuration_utility:10.2.4:*:*:*:*:*:*:*
f5big-ip_configuration_utility11.0.0cpe:2.3:a:f5:big-ip_configuration_utility:11.0.0:*:*:*:*:*:*:*
f5big-ip_configuration_utility11.2.1cpe:2.3:a:f5:big-ip_configuration_utility:11.2.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
f5	big-ip_configuration_utility	10.0.0	cpe:2.3:a:f5:big-ip_configuration_utility:10.0.0:::::::*
f5	big-ip_configuration_utility	10.2.4	cpe:2.3:a:f5:big-ip_configuration_utility:10.2.4:::::::*
f5	big-ip_configuration_utility	11.0.0	cpe:2.3:a:f5:big-ip_configuration_utility:11.0.0:::::::*
f5	big-ip_configuration_utility	11.2.1	cpe:2.3:a:f5:big-ip_configuration_utility:11.2.1:::::::*