[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248364

 
 

909

 
 

195388

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-8727Date: (C)2014-11-21   (M)2023-12-22


Multiple directory traversal vulnerabilities in F5 BIG-IP before 10.2.2 allow local users with the "Resource Administrator" or "Administrator" role to enumerate and delete arbitrary files via a .. (dot dot) in the name parameter to (1) tmui/Control/jspmap/tmui/system/archive/properties.jsp or (2) tmui/Control/form.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.2
Exploit Score: 3.1
Impact Score: 9.2
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: SINGLE
Confidentiality: NONE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1031216
EXPLOIT-DB-35222
BID-71063
f5-bigip-cve20148727-dir-trav(98676)
http://packetstormsecurity.com/files/129084/F5-BIG-IP-10.1.0-Directory-Traversal.html
https://support.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/product/relnote_11_0_0_ltm.html
https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13109.html

CPE    1
cpe:/a:f5:big-ip_local_traffic_manager
CWE    1
CWE-22

© SecPod Technologies