CVE-2012-2997

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2012-2997
XML External Entity (XXE) vulnerability in sam/admin/vpe2/public/php/server.php in F5 BIG-IP 10.0.0 through 10.2.4 and 11.0.0 through 11.2.1 allows remote authenticated users to read arbitrary files via a crafted XML file.

4.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://archives.neohapsis.com/archives/bugtraq/2013-01/0093.html Exploit
http://osvdb.org/89447
http://support.f5.com/kb/en-us/solutions/public/14000/100/sol14138.html Vendor Advisory
http://www.securityfocus.com/bid/57496
https://exchange.xforce.ibmcloud.com/vulnerabilities/81426
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130122-0_F5_BIG-IP_XML_External_Entity_Injection_v10.txt Exploit
http://archives.neohapsis.com/archives/bugtraq/2013-01/0093.html Exploit
http://osvdb.org/89447
http://support.f5.com/kb/en-us/solutions/public/14000/100/sol14138.html Vendor Advisory
http://www.securityfocus.com/bid/57496
https://exchange.xforce.ibmcloud.com/vulnerabilities/81426
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130122-0_F5_BIG-IP_XML_External_Entity_Injection_v10.txt Exploit
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:f5:big-ip_configuration_utility:10.0.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_configuration_utility:10.2.4:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_configuration_utility:11.0.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_configuration_utility:11.2.1:*:*:*:*:*:*:*
History

21 Nov 2024, 01:40

Type Values Removed Values Added
References () http://archives.neohapsis.com/archives/bugtraq/2013-01/0093.html - Exploit () http://archives.neohapsis.com/archives/bugtraq/2013-01/0093.html - Exploit
References () http://osvdb.org/89447 - () http://osvdb.org/89447 -
References () http://support.f5.com/kb/en-us/solutions/public/14000/100/sol14138.html - Vendor Advisory () http://support.f5.com/kb/en-us/solutions/public/14000/100/sol14138.html - Vendor Advisory
References () http://www.securityfocus.com/bid/57496 - () http://www.securityfocus.com/bid/57496 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/81426 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/81426 -
References () https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130122-0_F5_BIG-IP_XML_External_Entity_Injection_v10.txt - Exploit () https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130122-0_F5_BIG-IP_XML_External_Entity_Injection_v10.txt - Exploit
Information

Published : 2014-01-21 18:55

Updated : 2024-11-21 01:40

NVD link : CVE-2012-2997

Mitre link : CVE-2012-2997

CVE.ORG link : CVE-2012-2997

JSON object : View

Products Affected

f5

  • big-ip_configuration_utility
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor