Information on CVE-2014-6032
N/A
CWE ID: N/A
Base Score (CVSS): N/A
CVE: CVE-2014-6032
Description: Multiple XML External Entity (XXE) vulnerabilities in the Configuration utility in F5 BIG-IP LTM, ASM, GTM, and Link Controller 11.0 through 11.6.0 and 10.0.0 through 10.2.4, AAM 11.4.0 through 11.6.0, ARM 11.3.0 through 11.6.0, Analytics 11.0.0 through 11.6.0, APM and Edge Gateway 11.0.0 through 11.6.0 and 10.1.0 through 10.2.4, PEM 11.3.0 through 11.6.0, PSM 11.0.0 through 11.4.1 and 10.0.0 through 10.2.4, and WOM 11.0.0 through 11.3.0 and 10.0.0 through 10.2.4 and Enterprise Manager 3.0.0 through 3.1.1 and 2.1.0 through 2.3.0 allow remote authenticated users to read arbitrary files and cause a denial of service via a crafted request, as demonstrated using (1) viewList or (2) deal elements.
Attack vector
CVSS score
CVSS is a scoring system that measures the severity of a computer vulnerability by considering factors such as potential impact, likelihood of attack, and ease of execution.
Summary: .
Vector details
Metric | Value | Meaning | Description |
---|---|---|---|
External references
- http://www.securitytracker.com/id/1031145
- https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-6032/
- http://www.securitytracker.com/id/1031144
- http://seclists.org/fulldisclosure/2014/Oct/128
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98403
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98402
- https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15605.html
- http://seclists.org/fulldisclosure/2014/Oct/129
- http://seclists.org/fulldisclosure/2014/Oct/130
- http://www.securityfocus.com/bid/70834
- http://packetstormsecurity.com/files/128915/F5-Big-IP-11.3.0.39.0-XML-External-Entity-Injection-1.html
- https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-6033/
Affected products
- n/a – n/a
Relationships with other products
No products found for CVE: cve-2014-6032