To prevent exposure to this vulnerability, do not select any unknown or suspicious content when viewing log files using the BIG-IP or Enterprise Manager web management interface. To view log files from the command line, access the device using an SSH client.
Note: Because exploitation of this vulnerability requires an authenticated user, F5 considers this to be a local vulnerability.
F5 Product Development tracked this issue as CR96889, and it was fixed in BIG-IP 10.0.0 and Enterprise Manager 1.8.0. For information about upgrading, refer to the BIG-IP LTM, GTM, ASM, PSM, Link Controller, WebAccelerator or Enterprise Manager release notes.
For additional information about this advisory, refer to the following articles:
<http://www.securityfocus.com/archive/1/489991>
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7032>
Name | Operator | Version
---|---|---
big-ip gtm | le | 9.4.8
big-ip ltm | le | 9.6.1
big-ip asm | le | 9.4.8
big-ip webaccelerator | le | 9.4.8
big-ip psm | le | 9.4.8
enterprise manager | le | 1.7.0
big-ip link controller | le | 9.4.8