Lucene search

MitreCVE-2014-6032

HistoryNov 01, 2014 - 11:55 p.m.

CVE-2014-6032

2014-11-0123:55:09

mitre

web.nvd.nist.gov

cve-2014-6032

xml external entity

xxe

f5 big-ip

ltm

asm

gtm

link controller

aam

arm

analytics

apm

edge gateway

pem

psm

wom

enterprise manager

information security

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:N/A:P

AI Score

6.7

Confidence

Low

EPSS

0.008

Percentile

81.5%

JSON

Multiple XML External Entity (XXE) vulnerabilities in the Configuration utility in F5 BIG-IP LTM, ASM, GTM, and Link Controller 11.0 through 11.6.0 and 10.0.0 through 10.2.4, AAM 11.4.0 through 11.6.0, ARM 11.3.0 through 11.6.0, Analytics 11.0.0 through 11.6.0, APM and Edge Gateway 11.0.0 through 11.6.0 and 10.1.0 through 10.2.4, PEM 11.3.0 through 11.6.0, PSM 11.0.0 through 11.4.1 and 10.0.0 through 10.2.4, and WOM 11.0.0 through 11.3.0 and 10.0.0 through 10.2.4 and Enterprise Manager 3.0.0 through 3.1.1 and 2.1.0 through 2.3.0 allow remote authenticated users to read arbitrary files and cause a denial of service via a crafted request, as demonstrated using (1) viewList or (2) deal elements.

Affected configurations

Nvd

Node

f5big-ip_protocol_security_moduleMatch10.0.0

f5big-ip_protocol_security_moduleMatch10.1.0

f5big-ip_protocol_security_moduleMatch10.2.0

f5big-ip_protocol_security_moduleMatch10.2.1

f5big-ip_protocol_security_moduleMatch10.2.2

f5big-ip_protocol_security_moduleMatch10.2.3

f5big-ip_protocol_security_moduleMatch10.2.4

f5big-ip_protocol_security_moduleMatch11.0.0

f5big-ip_protocol_security_moduleMatch11.1.0

f5big-ip_protocol_security_moduleMatch11.2.0

f5big-ip_protocol_security_moduleMatch11.2.1

f5big-ip_protocol_security_moduleMatch11.3.0

f5big-ip_protocol_security_moduleMatch11.4.0

f5big-ip_protocol_security_moduleMatch11.4.1

Node

f5big-ip_global_traffic_managerMatch10.0.0

f5big-ip_global_traffic_managerMatch10.1.0

f5big-ip_global_traffic_managerMatch10.2.0

f5big-ip_global_traffic_managerMatch10.2.1

f5big-ip_global_traffic_managerMatch10.2.2

f5big-ip_global_traffic_managerMatch10.2.3

f5big-ip_global_traffic_managerMatch10.2.4

f5big-ip_global_traffic_managerMatch11.0.0

f5big-ip_global_traffic_managerMatch11.1.0

f5big-ip_global_traffic_managerMatch11.2.0

f5big-ip_global_traffic_managerMatch11.2.1

f5big-ip_global_traffic_managerMatch11.3.0

f5big-ip_global_traffic_managerMatch11.4.0

f5big-ip_global_traffic_managerMatch11.4.1

f5big-ip_global_traffic_managerMatch11.5.0

f5big-ip_global_traffic_managerMatch11.5.1

f5big-ip_global_traffic_managerMatch11.6.0

Node

f5big-ip_policy_enforcement_managerMatch11.3.0

f5big-ip_policy_enforcement_managerMatch11.4.0

f5big-ip_policy_enforcement_managerMatch11.4.1

f5big-ip_policy_enforcement_managerMatch11.5.0

f5big-ip_policy_enforcement_managerMatch11.5.1

f5big-ip_policy_enforcement_managerMatch11.6.0

Node

f5big-ip_wan_optimization_managerMatch10.0.0

f5big-ip_wan_optimization_managerMatch10.1.0

f5big-ip_wan_optimization_managerMatch10.2.0

f5big-ip_wan_optimization_managerMatch10.2.1

f5big-ip_wan_optimization_managerMatch10.2.2

f5big-ip_wan_optimization_managerMatch10.2.3

f5big-ip_wan_optimization_managerMatch10.2.4

f5big-ip_wan_optimization_managerMatch11.0.0

f5big-ip_wan_optimization_managerMatch11.1.0

f5big-ip_wan_optimization_managerMatch11.2.0

f5big-ip_wan_optimization_managerMatch11.2.1

f5big-ip_wan_optimization_managerMatch11.3.0

Node

f5big-ip_application_acceleration_managerMatch11.4.0

f5big-ip_application_acceleration_managerMatch11.4.1

f5big-ip_application_acceleration_managerMatch11.5.0

f5big-ip_application_acceleration_managerMatch11.5.1

f5big-ip_application_acceleration_managerMatch11.6.0

Node

f5big-ip_application_security_managerMatch10.0.0

f5big-ip_application_security_managerMatch10.1.0

f5big-ip_application_security_managerMatch10.2.0

f5big-ip_application_security_managerMatch10.2.1

f5big-ip_application_security_managerMatch10.2.2

f5big-ip_application_security_managerMatch10.2.3

f5big-ip_application_security_managerMatch10.2.4

f5big-ip_application_security_managerMatch11.0.0

f5big-ip_application_security_managerMatch11.1.0

f5big-ip_application_security_managerMatch11.2.0

f5big-ip_application_security_managerMatch11.2.1

f5big-ip_application_security_managerMatch11.3.0

f5big-ip_application_security_managerMatch11.4.0

f5big-ip_application_security_managerMatch11.4.1

f5big-ip_application_security_managerMatch11.5.0

f5big-ip_application_security_managerMatch11.5.1

f5big-ip_application_security_managerMatch11.6.0

Node

f5big-ip_advanced_firewall_managerMatch11.3.0

f5big-ip_advanced_firewall_managerMatch11.4.0

f5big-ip_advanced_firewall_managerMatch11.4.1

f5big-ip_advanced_firewall_managerMatch11.5.0

f5big-ip_advanced_firewall_managerMatch11.5.1

f5big-ip_advanced_firewall_managerMatch11.6.0

Node

f5big-ip_webacceleratorMatch10.0.0

f5big-ip_webacceleratorMatch10.1.0

f5big-ip_webacceleratorMatch10.2.0

f5big-ip_webacceleratorMatch10.2.1

f5big-ip_webacceleratorMatch10.2.2

f5big-ip_webacceleratorMatch10.2.3

f5big-ip_webacceleratorMatch10.2.4

f5big-ip_webacceleratorMatch11.0.0

f5big-ip_webacceleratorMatch11.1.0

f5big-ip_webacceleratorMatch11.2.0

f5big-ip_webacceleratorMatch11.2.1

f5big-ip_webacceleratorMatch11.3.0

Node

f5big-ip_analyticsMatch11.0.0

f5big-ip_analyticsMatch11.1.0

f5big-ip_analyticsMatch11.2.0

f5big-ip_analyticsMatch11.2.1

f5big-ip_analyticsMatch11.3.0

f5big-ip_analyticsMatch11.4.0

f5big-ip_analyticsMatch11.4.1

f5big-ip_analyticsMatch11.5.0

f5big-ip_analyticsMatch11.5.1

f5big-ip_analyticsMatch11.6.0

Node

f5big-ip_link_controllerMatch10.0.0

f5big-ip_link_controllerMatch10.1.0

f5big-ip_link_controllerMatch10.2.0

f5big-ip_link_controllerMatch10.2.1

f5big-ip_link_controllerMatch10.2.2

f5big-ip_link_controllerMatch10.2.3

f5big-ip_link_controllerMatch10.2.4

f5big-ip_link_controllerMatch11.0.0

f5big-ip_link_controllerMatch11.1.0

f5big-ip_link_controllerMatch11.2.0

f5big-ip_link_controllerMatch11.2.1

f5big-ip_link_controllerMatch11.3.0

f5big-ip_link_controllerMatch11.4.0

f5big-ip_link_controllerMatch11.4.1

f5big-ip_link_controllerMatch11.5.0

f5big-ip_link_controllerMatch11.5.1

f5big-ip_link_controllerMatch11.6.0

Node

f5big-ip_application_security_managerMatch10.0.0

f5big-ip_application_security_managerMatch10.1.0

f5big-ip_application_security_managerMatch10.2.0

f5big-ip_application_security_managerMatch10.2.1

f5big-ip_application_security_managerMatch10.2.2

f5big-ip_application_security_managerMatch10.2.3

f5big-ip_application_security_managerMatch10.2.4

f5big-ip_application_security_managerMatch11.0.0

f5big-ip_application_security_managerMatch11.1.0

f5big-ip_application_security_managerMatch11.2.0

f5big-ip_application_security_managerMatch11.2.1

f5big-ip_application_security_managerMatch11.3.0

f5big-ip_application_security_managerMatch11.4.0

f5big-ip_application_security_managerMatch11.4.1

f5big-ip_application_security_managerMatch11.5.0

f5big-ip_application_security_managerMatch11.5.1

f5big-ip_application_security_managerMatch11.6.0

Node

f5enterprise_managerMatch3.0.0

f5enterprise_managerMatch3.1.0

f5enterprise_managerMatch3.1.1

f5enterprise_managerMatch2.1.0

f5enterprise_managerMatch2.2.0

f5enterprise_managerMatch2.3.0

Node

f5big-ip_local_traffic_managerMatch10.0.0

f5big-ip_local_traffic_managerMatch10.1.0

f5big-ip_local_traffic_managerMatch10.2.0

f5big-ip_local_traffic_managerMatch10.2.1

f5big-ip_local_traffic_managerMatch10.2.2

f5big-ip_local_traffic_managerMatch10.2.3

f5big-ip_local_traffic_managerMatch10.2.4

f5big-ip_local_traffic_managerMatch11.0.0

f5big-ip_local_traffic_managerMatch11.1.0

f5big-ip_local_traffic_managerMatch11.2.0

f5big-ip_local_traffic_managerMatch11.2.1

f5big-ip_local_traffic_managerMatch11.3.0

f5big-ip_local_traffic_managerMatch11.4.0

f5big-ip_local_traffic_managerMatch11.4.1

f5big-ip_local_traffic_managerMatch11.5.0

f5big-ip_local_traffic_managerMatch11.5.1

f5big-ip_local_traffic_managerMatch11.6.0

Node

f5big-ip_edge_gatewayMatch10.1.0

f5big-ip_edge_gatewayMatch10.2.0

f5big-ip_edge_gatewayMatch10.2.1

f5big-ip_edge_gatewayMatch10.2.2

f5big-ip_edge_gatewayMatch10.2.3

f5big-ip_edge_gatewayMatch10.2.4

f5big-ip_edge_gatewayMatch11.0.0

f5big-ip_edge_gatewayMatch11.1.0

f5big-ip_edge_gatewayMatch11.2.0

f5big-ip_edge_gatewayMatch11.2.1

f5big-ip_edge_gatewayMatch11.3.0

VendorProductVersionCPE
f5big-ip_protocol_security_module10.0.0cpe:2.3:a:f5:big-ip_protocol_security_module:10.0.0:*:*:*:*:*:*:*
f5big-ip_protocol_security_module10.1.0cpe:2.3:a:f5:big-ip_protocol_security_module:10.1.0:*:*:*:*:*:*:*
f5big-ip_protocol_security_module10.2.0cpe:2.3:a:f5:big-ip_protocol_security_module:10.2.0:*:*:*:*:*:*:*
f5big-ip_protocol_security_module10.2.1cpe:2.3:a:f5:big-ip_protocol_security_module:10.2.1:*:*:*:*:*:*:*
f5big-ip_protocol_security_module10.2.2cpe:2.3:a:f5:big-ip_protocol_security_module:10.2.2:*:*:*:*:*:*:*
f5big-ip_protocol_security_module10.2.3cpe:2.3:a:f5:big-ip_protocol_security_module:10.2.3:*:*:*:*:*:*:*
f5big-ip_protocol_security_module10.2.4cpe:2.3:a:f5:big-ip_protocol_security_module:10.2.4:*:*:*:*:*:*:*
f5big-ip_protocol_security_module11.0.0cpe:2.3:a:f5:big-ip_protocol_security_module:11.0.0:*:*:*:*:*:*:*
f5big-ip_protocol_security_module11.1.0cpe:2.3:a:f5:big-ip_protocol_security_module:11.1.0:*:*:*:*:*:*:*
f5big-ip_protocol_security_module11.2.0cpe:2.3:a:f5:big-ip_protocol_security_module:11.2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
f5	big-ip_protocol_security_module	10.0.0	cpe:2.3:a:f5:big-ip_protocol_security_module:10.0.0:::::::*
f5	big-ip_protocol_security_module	10.1.0	cpe:2.3:a:f5:big-ip_protocol_security_module:10.1.0:::::::*
f5	big-ip_protocol_security_module	10.2.0	cpe:2.3:a:f5:big-ip_protocol_security_module:10.2.0:::::::*
f5	big-ip_protocol_security_module	10.2.1	cpe:2.3:a:f5:big-ip_protocol_security_module:10.2.1:::::::*
f5	big-ip_protocol_security_module	10.2.2	cpe:2.3:a:f5:big-ip_protocol_security_module:10.2.2:::::::*
f5	big-ip_protocol_security_module	10.2.3	cpe:2.3:a:f5:big-ip_protocol_security_module:10.2.3:::::::*
f5	big-ip_protocol_security_module	10.2.4	cpe:2.3:a:f5:big-ip_protocol_security_module:10.2.4:::::::*
f5	big-ip_protocol_security_module	11.0.0	cpe:2.3:a:f5:big-ip_protocol_security_module:11.0.0:::::::*
f5	big-ip_protocol_security_module	11.1.0	cpe:2.3:a:f5:big-ip_protocol_security_module:11.1.0:::::::*
f5	big-ip_protocol_security_module	11.2.0	cpe:2.3:a:f5:big-ip_protocol_security_module:11.2.0:::::::*

Rows per page:

1-10 of 1501

References

packetstormsecurity.com/files/128915/F5-Big-IP-11.3.0.39.0-XML-External-Entity-Injection-1.html

seclists.org/fulldisclosure/2014/Oct/128

seclists.org/fulldisclosure/2014/Oct/129

seclists.org/fulldisclosure/2014/Oct/130

www.securityfocus.com/bid/70834

www.securitytracker.com/id/1031144

www.securitytracker.com/id/1031145

exchange.xforce.ibmcloud.com/vulnerabilities/98402

exchange.xforce.ibmcloud.com/vulnerabilities/98403

support.f5.com/kb/en-us/solutions/public/15000/600/sol15605.html

www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-6032/

www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-6033/

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:N/A:P

AI Score

6.7

Confidence

Low

EPSS

0.008

Percentile

81.5%

JSON

Related for CVE-2014-6032