CVE-2014-8727

F5 BIG-IP Local Traffic Manager < 10.2.1 - Authenticated Path Traversal via Archive Properties or Form Name Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-8727. PoCs published by Anastasios Monachos.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in F5 BIG-IP 10.1.0, allowing authenticated users with specific privileges to enumerate and delete arbitrary files on the system. The PoC includes HTTP GET and POST requests to exploit the flaw.

Description

Multiple directory traversal vulnerabilities in F5 BIG-IP before 10.2.2 allow local users with the "Resource Administrator" or "Administrator" role to enumerate and delete arbitrary files via a .. (dot dot) in the name parameter to (1) tmui/Control/jspmap/tmui/system/archive/properties.jsp or (2) tmui/Control/form.

Exploits (1)

exploitdb WORKING POC

by Anastasios Monachos · textwebappsjsp

https://www.exploit-db.com/exploits/35222

View Code ZIP pw:eip

This exploit demonstrates a directory traversal vulnerability in F5 BIG-IP 10.1.0, allowing authenticated users with specific privileges to enumerate and delete arbitrary files on the system. The PoC includes HTTP GET and POST requests to exploit the flaw.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: F5 BIG-IP 10.1.0

Auth required

Prerequisites: Authenticated access with 'Resource Administrator' or 'Administrator' role privileges

MITRE ATT&CK