Lucene search

PRIOn knowledge basePRION:CVE-2012-2997

HistoryJan 21, 2014 - 6:55 p.m.

Xxe

2014-01-2118:55:00

PRIOn knowledge base

www.prio-n.com

6.6 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.015 Low

EPSS

Percentile

86.8%

JSON

XML External Entity (XXE) vulnerability in sam/admin/vpe2/public/php/server.php in F5 BIG-IP 10.0.0 through 10.2.4 and 11.0.0 through 11.2.1 allows remote authenticated users to read arbitrary files via a crafted XML file.

CPENameOperatorVersion
big-ip_configuration_utilityeq10.2.4
big-ip_configuration_utilityeq10.0.0
big-ip_configuration_utilityeq11.2.1
big-ip_configuration_utilityeq11.0.0

Name	Operator	Version
big-ip_configuration_utility	eq	10.2.4
big-ip_configuration_utility	eq	10.0.0
big-ip_configuration_utility	eq	11.2.1
big-ip_configuration_utility	eq	11.0.0

References

archives.neohapsis.com/archives/bugtraq/2013-01/0093.html

osvdb.org/89447

support.f5.com/kb/en-us/solutions/public/14000/100/sol14138.html

www.securityfocus.com/bid/57496

exchange.xforce.ibmcloud.com/vulnerabilities/81426

www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130122-0_F5_BIG-IP_XML_External_Entity_Injection_v10.txt

6.6 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.015 Low

EPSS

Percentile

86.8%

JSON

Related for PRION:CVE-2012-2997