Skip to main content

F5 BIG-IP Input Validation Flaws Multiple Vulnerabilities

Last Update Date: 23 Jan 2013 11:56 Release Date: 23 Jan 2013 4442 Views

RISK: High Risk

TYPE: Security software and application - Security Software & Appliance

TYPE: Security Software & Appliance

A vulnerability has been identified in F5 BIG-IP, which can be exploited by malicious people to inject SQL commands or allow an authenticated attacker to download arbitrary files from the file system on the target system.

 

A remote authenticated user can supply a specially crafted XML entity value in a request to view files on target system with the privileges of the Apache web service. A remote authenticated user can supply a specially crafted parameter value to execute SQL commands on the underlying database.


Impact

  • Denial of Service
  • Remote Code Execution
  • Information Disclosure

System / Technologies affected

  • version 11.2.0 and prior

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.


Vulnerability Identifier


Source


Related Link