

F5 BIG-IP security vulnerabilities
Published: 27.01.2013
Source:
SecurityVulns ID: 12847
Type: remote
Threat Level: 5/10
Description: SQL and XML injections.
Affected: F5 : BIG-IP 11.2
CVE: CVE-2012-3000 (Multiple SQL injection vulnerabilities in sam/admin/reports/php/saveSettings.php in the (1) APM WebGUI in F5 BIG-IP LTM, GTM, ASM, Link Controller, PSM, APM, Edge Gateway, and Analytics and (2) AVR WebGUI in WebAccelerator and WOM 11.2.x before 11.2.0-HF3 and 11.2.x before 11.2.1-HF3 allow remote authenticated users to execute arbitrary SQL commands via the defaultQuery parameter.)
CVE-2012-2997 (XML External Entity (XXE) vulnerability in sam/admin/vpe2/public/php/server.php in F5 BIG-IP 10.0.0 through 10.2.4 and 11.0.0 through 11.2.1 allows remote authenticated users to read arbitrary files via a crafted XML file.)
Original documents:
SEC Consult Vulnerability Lab, SEC Consult SA-20130122-1 :: F5 BIG-IP SQL injection vulnerability (27.01.2013)
SEC Consult Vulnerability Lab, SEC Consult SA-20130122-0 :: F5 BIG-IP XML External Entity Injection vulnerability (27.01.2013)
