Details of VAR-201411-0350

ID

VAR-201411-0350

CVE

CVE-2014-6032

TITLE

plural F5 Vulnerability to read arbitrary files in the product

Trust: 0.8

sources: JVNDB: JVNDB-2014-005192

DESCRIPTION

Multiple XML External Entity (XXE) vulnerabilities in the Configuration utility in F5 BIG-IP LTM, ASM, GTM, and Link Controller 11.0 through 11.6.0 and 10.0.0 through 10.2.4, AAM 11.4.0 through 11.6.0, ARM 11.3.0 through 11.6.0, Analytics 11.0.0 through 11.6.0, APM and Edge Gateway 11.0.0 through 11.6.0 and 10.1.0 through 10.2.4, PEM 11.3.0 through 11.6.0, PSM 11.0.0 through 11.4.1 and 10.0.0 through 10.2.4, and WOM 11.0.0 through 11.3.0 and 10.0.0 through 10.2.4 and Enterprise Manager 3.0.0 through 3.1.1 and 2.1.0 through 2.3.0 allow remote authenticated users to read arbitrary files and cause a denial of service via a crafted request, as demonstrated using (1) viewList or (2) deal elements. plural F5 Product Configuration The utility has multiple locations XML Due to incomplete processing related to entity injection, arbitrary files can be read and service operation can be interrupted (DoS) There are vulnerabilities that are put into a state. Supplementary information : CWE Vulnerability type by CWE-611: Improper Restriction of XML External Entity Reference ('XXE') (XML Inappropriate restrictions on external entity references ) Has been identified. http://cwe.mitre.org/data/definitions/611.htmlRemotely authenticated users can read arbitrary files and interfere with service operation (DoS) There is a possibility of being put into a state. Attackers can exploit this issue to obtain potentially sensitive information and to carry out other attacks. F5 BIG-IP LTM, etc. are all products of F5 Company in the United States. LTM is a local traffic manager; APM is a solution that provides secure unified access to business-critical applications and networks. A security vulnerability exists in the Configuration utility of several F5 products. 0, PSM 11.0.0 to 11.4.1 and 10.0.0 to 10.2.4, WOM 11.0.0 to 11.3.0 and 10.0.0 to 10.2.4, Enterprise Manager 3.0.0 Version to version 3.1.1 and version 2.1.0 to version 2.3.0

Trust: 1.98

sources: NVD: CVE-2014-6032 // JVNDB: JVNDB-2014-005192 // BID: 70834 // VULHUB: VHN-73975

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	10.2.1	Trust: 1.6
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	10.2.0	Trust: 1.6
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	10.2.4	Trust: 1.6
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	10.0.0	Trust: 1.6
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	10.1.0	Trust: 1.6
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	10.2.2	Trust: 1.6
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.6.0	Trust: 1.6
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.5.1	Trust: 1.6
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	10.2.3	Trust: 1.6
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	11.1.0	Trust: 1.6
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	10.2.3	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	10.0.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	10.2.3	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	10.0.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	10.2.3	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	10.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	10.1.0	Trust: 1.0
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	10.0.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	10.2.3	Trust: 1.0
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	enterprise manager	scope:	eq	version:	3.1.1	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	10.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	enterprise manager	scope:	eq	version:	3.0.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	10.2.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	10.2.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.2.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	10.2.0	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	11.2.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	11.1.0	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	10.2.0	Trust: 1.0
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	11.2.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	10.2.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	11.2.0	Trust: 1.0
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	enterprise manager	scope:	eq	version:	2.2.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	10.0.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.1.0	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	10.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	10.2.3	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	10.1.0	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	10.2.3	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	10.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.2.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	10.0.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	10.2.3	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	11.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.2.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	10.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	10.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	10.2.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	11.2.0	Trust: 1.0
vendor:	f5	model:	enterprise manager	scope:	eq	version:	2.3.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	enterprise manager	scope:	eq	version:	3.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.2.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.2.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	enterprise manager	scope:	eq	version:	2.1.0	Trust: 1.0
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	11.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	10.2.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	10.1.0 to 10.2.4	Trust: 0.8
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.0.0 to 11.6.0	Trust: 0.8
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.3.0 to 11.6.0	Trust: 0.8
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.0.0 to 11.6.0	Trust: 0.8
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.4.0 to 11.6.0	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	10.0.0 to 10.2.4	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.0.0 to 11.6.0	Trust: 0.8
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	10.1.0 to 10.2.4	Trust: 0.8
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	11.0.0 to 11.3.0	Trust: 0.8
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	10.0.0 to 10.2.4	Trust: 0.8
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.0.0 to 11.6.0	Trust: 0.8
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	10.0.0 to 10.2.4	Trust: 0.8
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.0.0 to 11.6.0	Trust: 0.8
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	10.0.0 to 10.2.4	Trust: 0.8
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.0.0 to 11.6.0	Trust: 0.8
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.3.0 to 11.6.0	Trust: 0.8
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	10.0.0 to 10.2.4	Trust: 0.8
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	11.0.0 to 11.4.1	Trust: 0.8
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	10.0.0 to 10.2.4	Trust: 0.8
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	11.0.0 to 11.3.0	Trust: 0.8
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	10.0.0 to 10.2.4	Trust: 0.8
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	11.0.0 to 11.3.0	Trust: 0.8
vendor:	f5	model:	enterprise manager	scope:	eq	version:	2.1.0 to 2.3.0	Trust: 0.8
vendor:	f5	model:	enterprise manager	scope:	eq	version:	3.0.0 to 3.1.1	Trust: 0.8

sources: JVNDB: JVNDB-2014-005192 // CNNVD: CNNVD-201410-1432 // NVD: CVE-2014-6032

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-6032
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-6032
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201410-1432
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-73975
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-6032
severity:	MEDIUM
baseScore:	5.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-73975
severity:	MEDIUM
baseScore:	5.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-73975 // JVNDB: JVNDB-2014-005192 // CNNVD: CNNVD-201410-1432 // NVD: CVE-2014-6032

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2014-005192 // NVD: CVE-2014-6032

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201410-1432

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201410-1432

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-005192

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-73975

PATCH

title:

SOL15605: XML Entity Injection vulnerabilities CVE-2014-6032 and CVE-2014-6033

url:

https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15605.html

Trust: 0.8

sources: JVNDB: JVNDB-2014-005192

EXTERNAL IDS

db:	NVD	id:	CVE-2014-6032	Trust: 2.8
db:	BID	id:	70834	Trust: 2.0
db:	PACKETSTORM	id:	128915	Trust: 1.1
db:	SECTRACK	id:	1031145	Trust: 1.1
db:	SECTRACK	id:	1031144	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-005192	Trust: 0.8
db:	CNNVD	id:	CNNVD-201410-1432	Trust: 0.7
db:	VULHUB	id:	VHN-73975	Trust: 0.1

sources: VULHUB: VHN-73975 // BID: 70834 // JVNDB: JVNDB-2014-005192 // CNNVD: CNNVD-201410-1432 // NVD: CVE-2014-6032

REFERENCES

url:	http://www.securityfocus.com/bid/70834	Trust: 1.7
url:	https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15605.html	Trust: 1.7
url:	http://seclists.org/fulldisclosure/2014/oct/128	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2014/oct/129	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2014/oct/130	Trust: 1.1
url:	http://packetstormsecurity.com/files/128915/f5-big-ip-11.3.0.39.0-xml-external-entity-injection-1.html	Trust: 1.1
url:	https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-6032/	Trust: 1.1
url:	https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-6033/	Trust: 1.1
url:	http://www.securitytracker.com/id/1031144	Trust: 1.1
url:	http://www.securitytracker.com/id/1031145	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/98402	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/98403	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6032	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-6032	Trust: 0.8
url:	http://www.f5.com/products/big-ip/	Trust: 0.3

sources: VULHUB: VHN-73975 // BID: 70834 // JVNDB: JVNDB-2014-005192 // CNNVD: CNNVD-201410-1432 // NVD: CVE-2014-6032

CREDITS

Oliver Gruskovnjak

Trust: 0.9

sources: BID: 70834 // CNNVD: CNNVD-201410-1432

SOURCES

db:	VULHUB	id:	VHN-73975
db:	BID	id:	70834
db:	JVNDB	id:	JVNDB-2014-005192
db:	CNNVD	id:	CNNVD-201410-1432
db:	NVD	id:	CVE-2014-6032

LAST UPDATE DATE

2024-11-23T22:08:12.764000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-73975	date:	2017-09-08T00:00:00
db:	BID	id:	70834	date:	2014-10-22T00:00:00
db:	JVNDB	id:	JVNDB-2014-005192	date:	2015-12-02T00:00:00
db:	CNNVD	id:	CNNVD-201410-1432	date:	2014-11-15T00:00:00
db:	NVD	id:	CVE-2014-6032	date:	2024-11-21T02:13:37.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-73975	date:	2014-11-01T00:00:00
db:	BID	id:	70834	date:	2014-10-22T00:00:00
db:	JVNDB	id:	JVNDB-2014-005192	date:	2014-11-05T00:00:00
db:	CNNVD	id:	CNNVD-201410-1432	date:	2014-10-31T00:00:00
db:	NVD	id:	CVE-2014-6032	date:	2014-11-01T23:55:09.587