PHP vulnerability CVE-2011-4885

2012-05-17T22:23:00
ID F5:K13588
Type f5
Reporter f5
Modified 2017-04-06T16:50:00

Description

F5 Product Development has assigned ID 383081 (BIG-IP 10.x), ID 375749 (BIG-IP 11.x), and ID 376713 (FirePass) to this vulnerability.

To find out whether F5 has determined that your release is vulnerable, and to obtain information about releases or hotfixes that resolve the vulnerability, refer to the following table:

Product | Versions known to be vulnerable | Versions known to be not vulnerable | Vulnerable component or feature
---|---|---|---
BIG-IP LTM | 10.0.0 - 10.2.4
11.0.0 - 11.1.0
| 11.2.0 - 11.4.0
| Administrative access on any interface
BIG-IP GTM | 10.0.0 - 10.2.4
11.0.0 - 11.1.0
| 11.2.0 - 11.4.0 | Administrative access on any interface
BIG-IP ASM | 10.0.0 - 10.2.4
11.0.0 - 11.1.0
| 11.2.0 - 11.4.0 | Administrative access on any interface
BIG-IP Link Controller | 10.0.0 - 10.2.4
11.0.0 - 11.1.0
| 11.2.0 - 11.4.0 | Administrative access on any interface
BIG-IP WebAccelerator | None
| 10.0.0 - 10.2.4
11.0.0 - 11.3.0 | None
BIG-IP PSM | 10.0.0 - 10.2.4
11.0.0 - 11.1.0 | 11.2.0 - 11.4.0 | Administrative access on any interface
BIG-IP WOM | 10.0.0 - 10.2.4
11.0.0 - 11.1.0 | 11.2.0 - 11.3.0 | Administrative access on any interface
BIG-IP APM | 10.0.0 - 10.2.4
11.0.0 - 11.1.0 | 11.2.0 - 11.4.0 | Administrative access on any interface
BIG-IP Edge Gateway
| 10.0.0 - 10.2.4
11.0.0 - 11.1.0 | 11.2.0 - 11.4.0 | Administrative access on any interface
BIG-IP Analytics
| 11.0.0 - 11.1.0 | 11.2.0 - 11.4.0
| Administrative access on any interface
BIG-IP AFM | None | 11.3.0 - 11.4.0 | None
BIG-IP PEM
| None | 11.3.0 - 11.4.0 | None
BIG-IP AAM | None | 11.4.0 | None
FirePass | 6.x
7.x
| 7.0.0 HF-70-7
6.1.0 HF-610-9
| Administrative console logon page
User access logon page
Enterprise Manager | None
| 1.x
2.x
3.x | None

ARX | None
| 5.x
6.x | None

BIG-IP

To mitigate this vulnerability, expose the administrative interface only on trusted networks and limit login access to trusted users.

FirePass

For information about hotfix status, contact F5 Technical Support.