
F5 BIG-IP Input Validation Flaws Multiple Vulnerabilities

Last Update Date: 23 Jan 2013 11:56
Release Date: 23 Jan 2013

RISK: High Risk

TYPE: Security software and application - Security Software & Appliance


Multiple vulnerabilities have been identified in F5 BIG-IP, which can be exploited by malicious people to inject SQL commands or allow an authenticated attacker to download arbitrary files from the file system on the target system.

A remote authenticated user can supply a specially crafted XML entity value in a request to view files on the target system with the privileges of the Apache web service. A remote authenticated user can also supply a specially crafted parameter value to execute SQL commands on the underlying database.


Impact

  • Denial of Service
  • Remote Code Execution
  • Information Disclosure

System / Technologies affected

  • version 11.2.0 and prior

Solutions

Before installing the software, please visit the software manufacturer's website for more details.


Vulnerability Identifier


Source


Related Link