CVE-2014-6032
F5 BIG-IP - Authenticated XML External Entity Injection via Configuration Utility
Multiple XML External Entity (XXE) vulnerabilities in the Configuration utility in F5 BIG-IP LTM, ASM, GTM, and Link Controller 11.0 through 11.6.0 and 10.0.0 through 10.2.4, AAM 11.4.0 through 11.6.0, ARM 11.3.0 through 11.6.0, Analytics 11.0.0 through 11.6.0, APM and Edge Gateway 11.0.0 through 11.6.0 and 10.1.0 through 10.2.4, PEM 11.3.0 through 11.6.0, PSM 11.0.0 through 11.4.1 and 10.0.0 through 10.2.4, and WOM 11.0.0 through 11.3.0 and 10.0.0 through 10.2.4 and Enterprise Manager 3.0.0 through 3.1.1 and 2.1.0 through 2.3.0 allow remote authenticated users to read arbitrary files and cause a denial of service via a crafted request, as demonstrated using (1) viewList or (2) deal elements.
References (12)
Core References
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_sectrack): http://www.securitytracker.com/id/1031145
Various Sources (x_refsource_misc): https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-6032/
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_sectrack): http://www.securitytracker.com/id/1031144
Mailing List (mailing-list, x_refsource_fulldisc): http://seclists.org/fulldisclosure/2014/Oct/128
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/98403
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/98402
Vendor Advisory (x_refsource_confirm): https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15605.html
Mailing List (mailing-list, x_refsource_fulldisc): http://seclists.org/fulldisclosure/2014/Oct/129
Mailing List (mailing-list, x_refsource_fulldisc): http://seclists.org/fulldisclosure/2014/Oct/130
Exploit (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/70834
Exploit (x_refsource_misc): http://packetstormsecurity.com/files/128915/F5-Big-IP-11.3.0.39.0-XML-External-Entity-Injection-1.html
Various Sources (x_refsource_misc): https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-6033/
Scores
EPSS: 0.0253
EPSS Percentile: 85.6%
Details
Status: published
Products (50)
f5/big-ip_advanced_firewall_manager: 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.6.0
f5/big-ip_analytics: 11.0.0, 11.1.0, 11.2.0, 11.2.1
... and 40 more
Published: Nov 01, 2014
Tracked Since: Feb 18, 2026