SOL15867 - Perl vulnerabilities CVE-2012-5195, CVE-2012-5526, CVE-2012-6329, and CVE-2013-1667

2014-11-2500:00:00

support.f5.com

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.478 Medium

EPSS

Percentile

97.1%

JSON

Vulnerability Recommended Actions

If you are running a version listed in the Versions known to be vulnerablecolumn, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerablecolumn. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.

To mitigate this vulnerability, you should permit access to the system over a secure network and limit command line access to trusted users. For more information about securing access to the system, refer to SOL13092: Overview of securing access to the BIG-IP system.

Supplemental Information

SOL9970: Subscribing to email notifications regarding F5 products
SOL9957: Creating a custom RSS feed to view new and updated documents
SOL4602: Overview of the F5 security vulnerability response policy
SOL4918: Overview of the F5 critical issue hotfix policy

CPENameOperatorVersion
big-iq securityle4.5.0
big-ip apmle11.6.1
big-iq centralized managementle5.0.0
big-ip edge gatewayle11.3.0
big-ip ltmle11.6.1
big-ip webacceleratorle11.3.0
big-ip womle11.3.0
big-ip psmle11.4.1
enterprise managerle3.1.1
big-ip aamle11.6.1

Name	Operator	Version
big-iq security	le	4.5.0
big-ip apm	le	11.6.1
big-iq centralized management	le	5.0.0
big-ip edge gateway	le	11.3.0
big-ip ltm	le	11.6.1
big-ip webaccelerator	le	11.3.0
big-ip wom	le	11.3.0
big-ip psm	le	11.4.1
enterprise manager	le	3.1.1
big-ip aam	le	11.6.1