Lucene search

MitreCVE-2015-8021

HistoryApr 12, 2016 - 2:59 p.m.

CVE-2015-8021

2016-04-1214:59:02

CWE-284

mitre

web.nvd.nist.gov

cve-2015-8021

vulnerability

big-ip

ltm

analytics

apm

asm

gtm

link controller

psm

aam

afm

pem

edge gateway

webaccelerator

wom

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

4.4

Confidence

High

EPSS

0.001

Percentile

46.2%

JSON

Incomplete blacklist vulnerability in the Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, Link Controller, and PSM 11.x before 11.2.1 HF11, 11.3.x, 11.4.0 before HF8, and 11.4.1 before HF6; BIG-IP AAM 11.4.0 before HF8 and 11.4.1 before HF6; BIG-IP AFM and PEM 11.3.x, 11.4.0 before HF8, and 11.4.1 before HF6; and BIG-IP Edge Gateway, WebAccelerator, and WOM 11.x before 11.2.1 HF11 and 11.3.0 allows remote authenticated users to upload files via uploadImage.php.

Affected configurations

Nvd

Node

f5big-ip_access_policy_managerMatch11.0.0

f5big-ip_access_policy_managerMatch11.1.0

f5big-ip_access_policy_managerMatch11.2.0

f5big-ip_access_policy_managerMatch11.2.1

f5big-ip_access_policy_managerMatch11.3.0

f5big-ip_access_policy_managerMatch11.4.0

f5big-ip_access_policy_managerMatch11.4.1

f5big-ip_advanced_firewall_managerMatch11.3.0

f5big-ip_advanced_firewall_managerMatch11.4.0

f5big-ip_advanced_firewall_managerMatch11.4.1

f5big-ip_analyticsMatch11.0.0

f5big-ip_analyticsMatch11.1.0

f5big-ip_analyticsMatch11.2.0

f5big-ip_analyticsMatch11.2.1

f5big-ip_analyticsMatch11.3.0

f5big-ip_analyticsMatch11.4.0

f5big-ip_analyticsMatch11.4.1

f5big-ip_application_acceleration_managerMatch11.4.0

f5big-ip_application_acceleration_managerMatch11.4.1

f5big-ip_application_security_managerMatch11.0.0

f5big-ip_application_security_managerMatch11.1.0

f5big-ip_application_security_managerMatch11.2.0

f5big-ip_application_security_managerMatch11.2.1

f5big-ip_application_security_managerMatch11.3.0

f5big-ip_application_security_managerMatch11.4.0

f5big-ip_application_security_managerMatch11.4.1

f5big-ip_edge_gatewayMatch11.0.0

f5big-ip_edge_gatewayMatch11.1.0

f5big-ip_edge_gatewayMatch11.2.0

f5big-ip_edge_gatewayMatch11.2.1

f5big-ip_edge_gatewayMatch11.3.0

f5big-ip_global_traffic_managerMatch11.0.0

f5big-ip_global_traffic_managerMatch11.1.0

f5big-ip_global_traffic_managerMatch11.2.0

f5big-ip_global_traffic_managerMatch11.2.1

f5big-ip_global_traffic_managerMatch11.3.0

f5big-ip_global_traffic_managerMatch11.4.0

f5big-ip_link_controllerMatch11.0.0

f5big-ip_link_controllerMatch11.1.0

f5big-ip_link_controllerMatch11.2.0

f5big-ip_link_controllerMatch11.2.1

f5big-ip_link_controllerMatch11.3.0

f5big-ip_link_controllerMatch11.4.0

f5big-ip_link_controllerMatch11.4.1

f5big-ip_local_traffic_managerMatch11.0.0

f5big-ip_local_traffic_managerMatch11.1.0

f5big-ip_local_traffic_managerMatch11.2.0

f5big-ip_local_traffic_managerMatch11.2.1

f5big-ip_local_traffic_managerMatch11.3.0

f5big-ip_local_traffic_managerMatch11.4.0

f5big-ip_local_traffic_managerMatch11.4.1

f5big-ip_policy_enforcement_managerMatch11.3.0

f5big-ip_policy_enforcement_managerMatch11.4.0

f5big-ip_policy_enforcement_managerMatch11.4.1

f5big-ip_protocol_security_moduleMatch11.0.0

f5big-ip_protocol_security_moduleMatch11.1.0

f5big-ip_protocol_security_moduleMatch11.2.0

f5big-ip_protocol_security_moduleMatch11.2.1

f5big-ip_protocol_security_moduleMatch11.3.0

f5big-ip_protocol_security_moduleMatch11.4.0

f5big-ip_protocol_security_moduleMatch11.4.1

f5big-ip_wan_optimization_managerMatch11.0.0

f5big-ip_wan_optimization_managerMatch11.1.0

f5big-ip_wan_optimization_managerMatch11.2.0

f5big-ip_wan_optimization_managerMatch11.2.1

f5big-ip_wan_optimization_managerMatch11.3.0

f5big-ip_webacceleratorMatch11.0.0

f5big-ip_webacceleratorMatch11.1.0

f5big-ip_webacceleratorMatch11.2.0

f5big-ip_webacceleratorMatch11.2.1

f5big-ip_webacceleratorMatch11.3.0

VendorProductVersionCPE
f5big-ip_access_policy_manager11.0.0cpe:2.3:a:f5:big-ip_access_policy_manager:11.0.0:*:*:*:*:*:*:*
f5big-ip_access_policy_manager11.1.0cpe:2.3:a:f5:big-ip_access_policy_manager:11.1.0:*:*:*:*:*:*:*
f5big-ip_access_policy_manager11.2.0cpe:2.3:a:f5:big-ip_access_policy_manager:11.2.0:*:*:*:*:*:*:*
f5big-ip_access_policy_manager11.2.1cpe:2.3:a:f5:big-ip_access_policy_manager:11.2.1:*:*:*:*:*:*:*
f5big-ip_access_policy_manager11.3.0cpe:2.3:a:f5:big-ip_access_policy_manager:11.3.0:*:*:*:*:*:*:*
f5big-ip_access_policy_manager11.4.0cpe:2.3:a:f5:big-ip_access_policy_manager:11.4.0:*:*:*:*:*:*:*
f5big-ip_access_policy_manager11.4.1cpe:2.3:a:f5:big-ip_access_policy_manager:11.4.1:*:*:*:*:*:*:*
f5big-ip_advanced_firewall_manager11.3.0cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.3.0:*:*:*:*:*:*:*
f5big-ip_advanced_firewall_manager11.4.0cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.4.0:*:*:*:*:*:*:*
f5big-ip_advanced_firewall_manager11.4.1cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.4.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
f5	big-ip_access_policy_manager	11.0.0	cpe:2.3:a:f5:big-ip_access_policy_manager:11.0.0:::::::*
f5	big-ip_access_policy_manager	11.1.0	cpe:2.3:a:f5:big-ip_access_policy_manager:11.1.0:::::::*
f5	big-ip_access_policy_manager	11.2.0	cpe:2.3:a:f5:big-ip_access_policy_manager:11.2.0:::::::*
f5	big-ip_access_policy_manager	11.2.1	cpe:2.3:a:f5:big-ip_access_policy_manager:11.2.1:::::::*
f5	big-ip_access_policy_manager	11.3.0	cpe:2.3:a:f5:big-ip_access_policy_manager:11.3.0:::::::*
f5	big-ip_access_policy_manager	11.4.0	cpe:2.3:a:f5:big-ip_access_policy_manager:11.4.0:::::::*
f5	big-ip_access_policy_manager	11.4.1	cpe:2.3:a:f5:big-ip_access_policy_manager:11.4.1:::::::*
f5	big-ip_advanced_firewall_manager	11.3.0	cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.3.0:::::::*
f5	big-ip_advanced_firewall_manager	11.4.0	cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.4.0:::::::*
f5	big-ip_advanced_firewall_manager	11.4.1	cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.4.1:::::::*

Rows per page:

1-10 of 711

References

www.securityfocus.com/bid/82340

www.securitytracker.com/id/1034781

support.f5.com/kb/en-us/solutions/public/k/49/sol49580002.html

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

4.4

Confidence

High

EPSS

0.001

Percentile

46.2%

JSON

Related for CVE-2015-8021