Description
XML External Entity (XXE) vulnerability in sam/admin/vpe2/public/php/server.php in F5 BIG-IP 10.0.0 through 10.2.4 and 11.0.0 through 11.2.1 allows remote authenticated users to read arbitrary files via a crafted XML file.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by anonymous · text · remote · hardware
https://www.exploit-db.com/exploits/38233
References (6)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/81426
Vendor Advisory x_refsource_confirm
http://support.f5.com/kb/en-us/solutions/public/14000/100/sol14138.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/89447
Exploit x_refsource_misc
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130122-0_F5_BIG-IP_XML_External_Entity_Injection_v10.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/57496
Exploit mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-01/0093.html
Scores
EPSS
0.0885
EPSS Percentile
92.6%
Details
CWE
CWE-200
Status
published
Products (4)
f5/big-ip_configuration_utility
10.0.0
f5/big-ip_configuration_utility
10.2.4
f5/big-ip_configuration_utility
11.0.0
f5/big-ip_configuration_utility
11.2.1
Published
Jan 21, 2014
Tracked Since
Feb 18, 2026