Published: 12/04/2016 Updated: 28/11/2016

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Incomplete blacklist vulnerability in the Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, Link Controller, and PSM 11.x prior to 11.2.1 HF11, 11.3.x, 11.4.0 before HF8, and 11.4.1 before HF6; BIG-IP AAM 11.4.0 before HF8 and 11.4.1 before HF6; BIG-IP AFM and PEM 11.3.x, 11.4.0 before HF8, and 11.4.1 before HF6; and BIG-IP Edge Gateway, WebAccelerator, and WOM 11.x prior to 11.2.1 HF11 and 11.3.0 allows remote authenticated users to upload files via uploadImage.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
f5 big-ip wan optimization manager 11.0.0
f5 big-ip webaccelerator 11.3.0
f5 big-ip protocol security module 11.3.0
f5 big-ip protocol security module 11.2.1
f5 big-ip link controller 11.4.0
f5 big-ip link controller 11.3.0
f5 big-ip global traffic manager 11.2.1
f5 big-ip global traffic manager 11.2.0
f5 big-ip edge gateway 11.0.0
f5 big-ip application security manager 11.4.1
f5 big-ip access policy manager 11.1.0
f5 big-ip access policy manager 11.0.0
f5 big-ip analytics 11.2.0
f5 big-ip analytics 11.2.1
f5 big-ip application acceleration manager 11.4.0
f5 big-ip application acceleration manager 11.4.1
f5 big-ip webaccelerator 11.2.1
f5 big-ip webaccelerator 11.2.0
f5 big-ip protocol security module 11.2.0
f5 big-ip protocol security module 11.0.0
f5 big-ip link controller 11.2.1
f5 big-ip link controller 11.2.0
f5 big-ip global traffic manager 11.1.0
f5 big-ip global traffic manager 11.0.0
f5 big-ip application security manager 11.4.0
f5 big-ip application security manager 11.3.0
f5 big-ip access policy manager 11.2.1
f5 big-ip access policy manager 11.3.0
f5 big-ip analytics 11.3.0
f5 big-ip analytics 11.4.0
f5 big-ip local traffic manager 11.0.0
f5 big-ip local traffic manager 11.1.0
f5 big-ip local traffic manager 11.2.0
f5 big-ip wan optimization manager 11.3.0
f5 big-ip wan optimization manager 11.2.1
f5 big-ip webaccelerator 11.1.0
f5 big-ip webaccelerator 11.0.0
f5 big-ip protocol security module 11.1.0
f5 big-ip policy enforcement manager 11.4.1
f5 big-ip link controller 11.1.0
f5 big-ip link controller 11.0.0
f5 big-ip edge gateway 11.3.0
f5 big-ip edge gateway 11.2.1
f5 big-ip application security manager 11.2.1
f5 big-ip application security manager 11.2.0
f5 big-ip application security manager 11.1.0
f5 big-ip access policy manager 11.4.0
f5 big-ip access policy manager 11.4.1
f5 big-ip analytics 11.4.1
f5 big-ip advanced firewall manager 11.3.0
f5 big-ip local traffic manager 11.2.1
f5 big-ip local traffic manager 11.3.0
f5 big-ip wan optimization manager 11.2.0
f5 big-ip wan optimization manager 11.1.0
f5 big-ip protocol security module 11.4.1
f5 big-ip protocol security module 11.4.0
f5 big-ip policy enforcement manager 11.4.0
f5 big-ip policy enforcement manager 11.3.0
f5 big-ip link controller 11.4.1
f5 big-ip global traffic manager 11.4.0
f5 big-ip global traffic manager 11.3.0
f5 big-ip edge gateway 11.2.0
f5 big-ip edge gateway 11.1.0
f5 big-ip application security manager 11.0.0
f5 big-ip access policy manager 11.2.0
f5 big-ip analytics 11.0.0
f5 big-ip analytics 11.1.0
f5 big-ip advanced firewall manager 11.4.0
f5 big-ip advanced firewall manager 11.4.1
f5 big-ip local traffic manager 11.4.0
f5 big-ip local traffic manager 11.4.1

CWE-284 https://support.f5.com/kb/en-us/solutions/public/k/49/sol49580002.html http://www.securitytracker.com/id/1034781 http://www.securityfocus.com/bid/82340 https://nvd.nist.gov

Get Started

CVE-2015-8021

Vulnerability Summary

References

Vulmon Search

About

Products

Connect