Vulnerability CVE-2008-6474


Published: 2009-03-16   Modified: 2012-02-12

Description:
The management interface in F5 BIG-IP 9.4.3 allows remote authenticated users with Resource Manager privileges to inject arbitrary Perl code via unspecified configuration settings related to Perl EP3 with templates, probably triggering static code injection.

See advisories in our WLB2 database:
Risk: High
Topic: F5 BIG-IP Management Interface Perl Injection
Author: nnposter
Date: 18.03.2009

Type: CWE-94 (Improper Control of Generation of Code ('Code Injection'))

CVSS2 => (AV:N/AC:L/Au:S/C:C/I:C/A:C)

CVSS Base Score: 9/10
Impact Subscore: 10/10
Exploitability Subscore: 8/10

Exploit range: Remote
Attack complexity: Low
Authentication: Single time

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software:
F5 -> Big-ip
F5 -> TMOS

References:
http://www.securityfocus.com/archive/1/490496/100/0/threaded
http://www.securityfocus.com/bid/28639
https://exchange.xforce.ibmcloud.com/vulnerabilities/49308
