
CVE-2014-6032

Published: 01/11/2014 Updated: 08/09/2017
CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8
VMScore: 490
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:P

Vulnerability Summary

Multiple XML External Entity (XXE) vulnerabilities in the Configuration utility in F5 BIG-IP LTM, ASM, GTM, and Link Controller 11.0 up to and including 11.6.0 and 10.0.0 up to and including 10.2.4, AAM 11.4.0 up to and including 11.6.0, ARM 11.3.0 up to and including 11.6.0, Analytics 11.0.0 up to and including 11.6.0, APM and Edge Gateway 11.0.0 up to and including 11.6.0 and 10.1.0 up to and including 10.2.4, PEM 11.3.0 up to and including 11.6.0, PSM 11.0.0 up to and including 11.4.1 and 10.0.0 up to and including 10.2.4, and WOM 11.0.0 up to and including 11.3.0 and 10.0.0 up to and including 10.2.4 and Enterprise Manager 3.0.0 up to and including 3.1.1 and 2.1.0 up to and including 2.3.0 allow remote authenticated users to read arbitrary files and cause a denial of service via a crafted request, as demonstrated using (1) viewList or (2) deal elements.

Vulnerable Product

f5 big-ip protocol security module 10.2.3

f5 big-ip protocol security module 11.0.0

f5 big-ip protocol security module 10.2.0

f5 big-ip protocol security module 10.2.1

f5 big-ip protocol security module 11.2.1

f5 big-ip protocol security module 11.3.0

f5 big-ip protocol security module 11.4.0

f5 big-ip protocol security module 10.0.0

f5 big-ip protocol security module 10.1.0

f5 big-ip protocol security module 11.1.0

f5 big-ip protocol security module 11.2.0

f5 big-ip protocol security module 10.2.2

f5 big-ip protocol security module 10.2.4

f5 big-ip protocol security module 11.4.1

f5 big-ip global traffic manager 10.0.0

f5 big-ip global traffic manager 10.1.0

f5 big-ip global traffic manager 11.1.0

f5 big-ip global traffic manager 11.2.0

f5 big-ip global traffic manager 11.6.0

f5 big-ip global traffic manager 10.2.2

f5 big-ip global traffic manager 10.2.3

f5 big-ip global traffic manager 11.4.1

f5 big-ip global traffic manager 11.2.1

f5 big-ip global traffic manager 10.2.0

f5 big-ip global traffic manager 10.2.1

f5 big-ip global traffic manager 11.3.0

f5 big-ip global traffic manager 11.4.0

f5 big-ip global traffic manager 10.2.4

f5 big-ip global traffic manager 11.0.0

f5 big-ip global traffic manager 11.5.1

f5 big-ip global traffic manager 11.5.0

f5 big-ip policy enforcement manager 11.5.0

f5 big-ip policy enforcement manager 11.5.1

f5 big-ip policy enforcement manager 11.3.0

f5 big-ip policy enforcement manager 11.4.0

f5 big-ip policy enforcement manager 11.4.1

f5 big-ip policy enforcement manager 11.6.0

f5 big-ip wan optimization manager 10.0.0

f5 big-ip wan optimization manager 10.1.0

f5 big-ip wan optimization manager 11.1.0

f5 big-ip wan optimization manager 11.2.0

f5 big-ip wan optimization manager 10.2.2

f5 big-ip wan optimization manager 10.2.3

f5 big-ip wan optimization manager 10.2.0

f5 big-ip wan optimization manager 10.2.1

f5 big-ip wan optimization manager 11.2.1

f5 big-ip wan optimization manager 11.3.0

f5 big-ip wan optimization manager 10.2.4

f5 big-ip wan optimization manager 11.0.0

f5 big-ip application acceleration manager 11.5.1

f5 big-ip application acceleration manager 11.6.0

f5 big-ip application acceleration manager 11.4.0

f5 big-ip application acceleration manager 11.4.1

f5 big-ip application acceleration manager 11.5.0

f5 big-ip application security manager 10.2.4

f5 big-ip application security manager 11.0.0

f5 big-ip application security manager 11.5.0

f5 big-ip application security manager 11.6.0

f5 big-ip application security manager 10.2.0

f5 big-ip application security manager 10.2.1

f5 big-ip application security manager 11.2.1

f5 big-ip application security manager 11.3.0

f5 big-ip application security manager 10.0.0

f5 big-ip application security manager 10.1.0

f5 big-ip application security manager 11.1.0

f5 big-ip application security manager 11.2.0

f5 big-ip application security manager 11.5.1

f5 big-ip application security manager 10.2.2

f5 big-ip application security manager 10.2.3

f5 big-ip application security manager 11.4.0

f5 big-ip application security manager 11.4.1

f5 big-ip advanced firewall manager 11.4.0

f5 big-ip advanced firewall manager 11.6.0

f5 big-ip advanced firewall manager 11.5.1

f5 big-ip advanced firewall manager 11.5.0

f5 big-ip advanced firewall manager 11.4.1

f5 big-ip advanced firewall manager 11.3.0

f5 big-ip webaccelerator 10.2.4

f5 big-ip webaccelerator 11.0.0

f5 big-ip webaccelerator 10.2.0

f5 big-ip webaccelerator 10.2.1

f5 big-ip webaccelerator 11.2.1

f5 big-ip webaccelerator 11.3.0

f5 big-ip webaccelerator 10.0.0

f5 big-ip webaccelerator 10.1.0

f5 big-ip webaccelerator 11.1.0

f5 big-ip webaccelerator 11.2.0

f5 big-ip webaccelerator 10.2.2

f5 big-ip webaccelerator 10.2.3

f5 big-ip analytics 11.5.0

f5 big-ip analytics 11.5.1

f5 big-ip analytics 11.3.0

f5 big-ip analytics 11.2.1

f5 big-ip analytics 11.4.1

f5 big-ip analytics 11.4.0

f5 big-ip analytics 11.6.0

f5 big-ip analytics 11.2.0

f5 big-ip analytics 11.1.0

f5 big-ip analytics 11.0.0

f5 big-ip link controller 10.0.0

f5 big-ip link controller 11.0.0

f5 big-ip link controller 11.1.0

f5 big-ip link controller 11.6.0

f5 big-ip link controller 11.5.1

f5 big-ip link controller 10.2.2

f5 big-ip link controller 10.2.3

f5 big-ip link controller 11.3.0

f5 big-ip link controller 11.4.0

f5 big-ip link controller 10.1.0

f5 big-ip link controller 10.2.0

f5 big-ip link controller 11.2.0

f5 big-ip link controller 11.2.1

f5 big-ip link controller 10.2.4

f5 big-ip link controller 10.2.1

f5 big-ip link controller 11.4.1

f5 big-ip link controller 11.5.0

f5 enterprise manager 3.1.0

f5 enterprise manager 3.1.1

f5 enterprise manager 2.1.0

f5 enterprise manager 2.2.0

f5 enterprise manager 2.3.0

f5 enterprise manager 3.0.0

f5 big-ip local traffic manager 10.2.4

f5 big-ip local traffic manager 11.2.1

f5 big-ip local traffic manager 11.4.1

f5 big-ip local traffic manager 11.5.0

f5 big-ip local traffic manager 10.2.0

f5 big-ip local traffic manager 10.2.1

f5 big-ip local traffic manager 11.1.0

f5 big-ip local traffic manager 11.2.0

f5 big-ip local traffic manager 10.0.0

f5 big-ip local traffic manager 10.1.0

f5 big-ip local traffic manager 11.5.1

f5 big-ip local traffic manager 11.0.0

f5 big-ip local traffic manager 11.6.0

f5 big-ip local traffic manager 10.2.2

f5 big-ip local traffic manager 10.2.3

f5 big-ip local traffic manager 11.3.0

f5 big-ip local traffic manager 11.4.0

f5 big-ip edge gateway 10.2.3

f5 big-ip edge gateway 10.2.4

f5 big-ip edge gateway 11.0.0

f5 big-ip edge gateway 10.1.0

f5 big-ip edge gateway 10.2.0

f5 big-ip edge gateway 11.2.1

f5 big-ip edge gateway 11.3.0

f5 big-ip edge gateway 11.1.0

f5 big-ip edge gateway 11.2.0

f5 big-ip edge gateway 10.2.1

f5 big-ip edge gateway 10.2.2

Exploits

F5 Big-IP version 1130390 suffers from an XML external entity injection vulnerability ...