XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD. (CVE-2017-9233)
Impact
BIG-IP
Administrative interfaces, such as iControl SOAP, are vulnerable to a denial-of-service (DoS) attack if a malicious XML document is uploaded to and processed by the BIG-IP system. The XML process in the data plane is not affected.
BIG-IQ
This XML external entity vulnerability may allow attackers to put the parser in an infinite loop using a malformed external entity definition.