var-201411-0351
Vulnerability from variot
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6032. Reason: This candidate is a duplicate of CVE-2014-6032. Notes: All CVE users should reference CVE-2014-6032 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. F5 Networks BIG-IP is prone to an XML External Entity injection vulnerability. Attackers can exploit this issue to obtain potentially sensitive information and to carry out other attacks. F5 BIG-IP LTM, etc. are all products of F5 Company in the United States. LTM is a local traffic manager; APM is a solution that provides secure unified access to business-critical applications and networks. A security vulnerability exists in the Configuration utility of several F5 products. A remote attacker could exploit this vulnerability to read arbitrary files or cause a denial of service. The following products and versions are affected: F5 BIG-IP LTM, ASM, GTM, Link Controller Version 11.0 to 11.6.0 and 10.0.0 to 10.2.4, AAM 11.4.0 to 11.6.0, ARM 11.3 .0 to 11.6.0, Analytics 11.0.0 to 11.6.0, APM and Edge Gateway 11.0 to 11.6.0 and 10.1.0 to 10.2.4, PEM 11.3.0 to 11.6. 0, PSM 11.0.0 to 11.4.1 and 10.0.0 to 10.2.4, WOM 11.0.0 to 11.3.0 and 10.0.0 to 10.2.4, Enterprise Manager 3.0.0 Version to version 3.1.1 and version 2.1.0 to version 2.3.0
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201411-0351",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0.39.0"
}
],
"sources": [
{
"db": "BID",
"id": "70838"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oliver Gruskovnjak",
"sources": [
{
"db": "BID",
"id": "70838"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-021"
}
],
"trust": 0.9
},
"cve": "CVE-2014-6033",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-73975",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNNVD",
"id": "CNNVD-201411-021",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-73975",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-73975"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-021"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6032. Reason: This candidate is a duplicate of CVE-2014-6032. Notes: All CVE users should reference CVE-2014-6032 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. F5 Networks BIG-IP is prone to an XML External Entity injection vulnerability. \nAttackers can exploit this issue to obtain potentially sensitive information and to carry out other attacks. F5 BIG-IP LTM, etc. are all products of F5 Company in the United States. LTM is a local traffic manager; APM is a solution that provides secure unified access to business-critical applications and networks. A security vulnerability exists in the Configuration utility of several F5 products. A remote attacker could exploit this vulnerability to read arbitrary files or cause a denial of service. The following products and versions are affected: F5 BIG-IP LTM, ASM, GTM, Link Controller Version 11.0 to 11.6.0 and 10.0.0 to 10.2.4, AAM 11.4.0 to 11.6.0, ARM 11.3 .0 to 11.6.0, Analytics 11.0.0 to 11.6.0, APM and Edge Gateway 11.0 to 11.6.0 and 10.1.0 to 10.2.4, PEM 11.3.0 to 11.6. 0, PSM 11.0.0 to 11.4.1 and 10.0.0 to 10.2.4, WOM 11.0.0 to 11.3.0 and 10.0.0 to 10.2.4, Enterprise Manager 3.0.0 Version to version 3.1.1 and version 2.1.0 to version 2.3.0",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-6033"
},
{
"db": "BID",
"id": "70838"
},
{
"db": "VULHUB",
"id": "VHN-73975"
},
{
"db": "VULMON",
"id": "CVE-2014-6033"
}
],
"trust": 1.35
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-73975",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-73975"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-6033",
"trust": 2.1
},
{
"db": "BID",
"id": "70838",
"trust": 0.9
},
{
"db": "CNNVD",
"id": "CNNVD-201411-021",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1432",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128915",
"trust": 0.1
},
{
"db": "BID",
"id": "70834",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1031145",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1031144",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-73975",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128916",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-6033",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-73975"
},
{
"db": "VULMON",
"id": "CVE-2014-6033"
},
{
"db": "BID",
"id": "70838"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-021"
},
{
"db": "NVD",
"id": "CVE-2014-6033"
}
]
},
"id": "VAR-201411-0351",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-73975"
}
],
"trust": 0.5615448
},
"last_update_date": "2024-02-13T22:31:16.396000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "F5 BIG-IP Fixes for code injection vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=209633"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201411-021"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/70838"
},
{
"trust": 0.4,
"url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-6033/"
},
{
"trust": 0.3,
"url": "http://www.f5.com/products/big-ip/"
},
{
"trust": 0.1,
"url": "http://www.securityfocus.com/bid/70834"
},
{
"trust": 0.1,
"url": "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15605.html"
},
{
"trust": 0.1,
"url": "http://seclists.org/fulldisclosure/2014/oct/128"
},
{
"trust": 0.1,
"url": "http://seclists.org/fulldisclosure/2014/oct/129"
},
{
"trust": 0.1,
"url": "http://seclists.org/fulldisclosure/2014/oct/130"
},
{
"trust": 0.1,
"url": "http://packetstormsecurity.com/files/128915/f5-big-ip-11.3.0.39.0-xml-external-entity-injection-1.html"
},
{
"trust": 0.1,
"url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-6032/"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1031144"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1031145"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98402"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98403"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/128916/f5-big-ip-11.3.0.39.0-xml-external-entity-injection-2.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-73975"
},
{
"db": "VULMON",
"id": "CVE-2014-6033"
},
{
"db": "BID",
"id": "70838"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-021"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-73975"
},
{
"db": "VULMON",
"id": "CVE-2014-6033"
},
{
"db": "BID",
"id": "70838"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-021"
},
{
"db": "NVD",
"id": "CVE-2014-6033"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-11-01T00:00:00",
"db": "VULHUB",
"id": "VHN-73975"
},
{
"date": "2014-11-05T00:00:00",
"db": "VULMON",
"id": "CVE-2014-6033"
},
{
"date": "2014-10-03T00:00:00",
"db": "BID",
"id": "70838"
},
{
"date": "2014-10-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-021"
},
{
"date": "2014-11-05T08:28:25.053000",
"db": "NVD",
"id": "CVE-2014-6033"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-08T00:00:00",
"db": "VULHUB",
"id": "VHN-73975"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2014-6033"
},
{
"date": "2014-10-03T00:00:00",
"db": "BID",
"id": "70838"
},
{
"date": "2022-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-021"
},
{
"date": "2023-11-07T02:20:56.233000",
"db": "NVD",
"id": "CVE-2014-6033"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201411-021"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "F5 BIG-IP Code injection vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201411-021"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201411-021"
}
],
"trust": 0.6
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.