perl-XML-Twig: The option to expand_external_ents, documented as controlling external entity expansion in XML::Twig, does not work. External entities are always expanded, regardless of the option's setting. (CVE-2016-9180)
Impact
An authenticated user with a BIG-IP ASM administrative role, such as Policy Editor, may be able to craft an XML message which, when processed by the ASMConfig process using perl-XML-Twig, may cause a denial of service (DoS) or potentially an information disclosure.
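Since the option cannot be relied on, a caller can refuse any document that carries a DTD before it reaches the parser. The following is an added example, not code from this advisory or from XML::Twig; `screen_xml` and `parse_untrusted` are hypothetical names and the sample documents are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper: returns (1, 'ok') only for input that cannot declare
# entities at all, so the parser's entity handling is never exercised.
sub screen_xml {
    my ($bytes) = @_;
    # A byte-level match is only sound for ASCII-compatible input, so reject
    # UTF-16/UTF-32 (BOM or NUL bytes) and any declared non-UTF-8 encoding.
    return (0, 'UTF-16/32 byte order mark') if $bytes =~ /\A(?:\xFF\xFE|\xFE\xFF)/;
    return (0, 'NUL byte in input')         if $bytes =~ /\x00/;
    if ($bytes =~ /\A(?:\xEF\xBB\xBF)?<\?xml\s[^>]*?\bencoding\s*=\s*["']([^"']*)["']/) {
        my $enc = $1;
        return (0, "declared encoding $enc") unless $enc =~ /\A(?:utf-8|us-ascii)\z/i;
    }
    # Fail closed: any DTD or entity declaration, internal or external.
    return (0, 'DOCTYPE declaration') if index($bytes, '<!DOCTYPE') >= 0;
    return (0, 'ENTITY declaration')  if index($bytes, '<!ENTITY')  >= 0;
    return (1, 'ok');
}

# Parse only input that passed the screen; dies with the reason otherwise.
sub parse_untrusted {
    my ($bytes) = @_;
    my ($ok, $why) = screen_xml($bytes);
    die "XML rejected before parsing: $why\n" unless $ok;
    require XML::Twig;                      # loaded only for accepted input
    return XML::Twig->new->parse($bytes);   # dies on malformed XML
}

# Constructed sample inputs.
my %samples = (
    plain    => '<policy><name>demo</name></policy>',
    external => qq{<?xml version="1.0"?>\n}
              . qq{<!DOCTYPE policy [<!ENTITY e SYSTEM "file:///placeholder">]>\n}
              . qq{<policy>&e;</policy>},
    utf16    => "\xFF\xFE<\x00p\x00/\x00>\x00",
);
for my $name (sort keys %samples) {
    my ($ok, $why) = screen_xml($samples{$name});
    printf "%-8s %s (%s)\n", $name, ($ok ? 'accept' : 'reject'), $why;
}
```

The screen fails closed, so a document that only mentions `<!DOCTYPE` inside a comment or CDATA section is also rejected.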
| CPE | Name | Operator | Version |
|---|---|---|---|
| | big-ip afm | eq | 11.4.0 |
| | big-ip afm | eq | 11.4.1 |
| | big-ip afm | eq | 11.5.0 |
| | big-ip afm | eq | 11.5.1 |
| | big-ip afm | eq | 11.5.2 |
| | big-ip afm | eq | 11.5.3 |
| | big-ip afm | eq | 11.5.4 |
| | big-ip afm | eq | 11.5.5 |
| | big-ip afm | eq | 11.6.0 |
| | big-ip afm | eq | 11.6.1 |