VAR-201411-0351

Vulnerability from variot - Updated: 2024-02-13 22:31

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6032. Reason: This candidate is a duplicate of CVE-2014-6032. Notes: All CVE users should reference CVE-2014-6032 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. The remainder of this description appears to be retained from the other sources aggregated into this entry and should be read against CVE-2014-6032. F5 Networks BIG-IP is prone to an XML External Entity injection vulnerability. Attackers can exploit this issue to obtain potentially sensitive information and to carry out other attacks. F5 BIG-IP LTM and the other products listed below are made by F5, a company based in the United States. LTM is a local traffic manager; APM is a solution that provides secure unified access to business-critical applications and networks. A security vulnerability exists in the Configuration utility of several F5 products. A remote attacker could exploit this vulnerability to read arbitrary files or cause a denial of service. The following products and versions are affected: F5 BIG-IP LTM, ASM, GTM, and Link Controller versions 11.0 to 11.6.0 and 10.0.0 to 10.2.4; AAM 11.4.0 to 11.6.0; ARM 11.3.0 to 11.6.0; Analytics 11.0.0 to 11.6.0; APM and Edge Gateway 11.0 to 11.6.0 and 10.1.0 to 10.2.4; PEM 11.3.0 to 11.6.0; PSM 11.0.0 to 11.4.1 and 10.0.0 to 10.2.4; WOM 11.0.0 to 11.3.0 and 10.0.0 to 10.2.4; Enterprise Manager 3.0.0 to 3.1.1 and 2.1.0 to 2.3.0.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201411-0351",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "big-ip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0.39.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "70838"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Oliver Gruskovnjak",
    "sources": [
      {
        "db": "BID",
        "id": "70838"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201411-021"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2014-6033",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-73975",
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "CNNVD",
            "id": "CNNVD-201411-021",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-73975",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-73975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201411-021"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6032. Reason: This candidate is a duplicate of CVE-2014-6032. Notes: All CVE users should reference CVE-2014-6032 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. F5 Networks BIG-IP is prone to an XML External Entity injection vulnerability. \nAttackers can exploit this issue to obtain potentially sensitive information and to carry out other attacks. F5 BIG-IP LTM, etc. are all products of F5 Company in the United States. LTM is a local traffic manager; APM is a solution that provides secure unified access to business-critical applications and networks. A security vulnerability exists in the Configuration utility of several F5 products. A remote attacker could exploit this vulnerability to read arbitrary files or cause a denial of service. The following products and versions are affected: F5 BIG-IP LTM, ASM, GTM, Link Controller Version 11.0 to 11.6.0 and 10.0.0 to 10.2.4, AAM 11.4.0 to 11.6.0, ARM 11.3 .0 to 11.6.0, Analytics 11.0.0 to 11.6.0, APM and Edge Gateway 11.0 to 11.6.0 and 10.1.0 to 10.2.4, PEM 11.3.0 to 11.6. 0, PSM 11.0.0 to 11.4.1 and 10.0.0 to 10.2.4, WOM 11.0.0 to 11.3.0 and 10.0.0 to 10.2.4, Enterprise Manager 3.0.0 Version to version 3.1.1 and version 2.1.0 to version 2.3.0",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-6033"
      },
      {
        "db": "BID",
        "id": "70838"
      },
      {
        "db": "VULHUB",
        "id": "VHN-73975"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-6033"
      }
    ],
    "trust": 1.35
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-73975",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-73975"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-6033",
        "trust": 2.1
      },
      {
        "db": "BID",
        "id": "70838",
        "trust": 0.9
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201411-021",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1432",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128915",
        "trust": 0.1
      },
      {
        "db": "BID",
        "id": "70834",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1031145",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1031144",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-73975",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128916",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-6033",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-73975"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-6033"
      },
      {
        "db": "BID",
        "id": "70838"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201411-021"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-6033"
      }
    ]
  },
  "id": "VAR-201411-0351",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-73975"
      }
    ],
    "trust": 0.5615448
  },
  "last_update_date": "2024-02-13T22:31:16.396000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "F5 BIG-IP Fixes for code injection vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=209633"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201411-021"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/70838"
      },
      {
        "trust": 0.4,
        "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-6033/"
      },
      {
        "trust": 0.3,
        "url": "http://www.f5.com/products/big-ip/"
      },
      {
        "trust": 0.1,
        "url": "http://www.securityfocus.com/bid/70834"
      },
      {
        "trust": 0.1,
        "url": "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15605.html"
      },
      {
        "trust": 0.1,
        "url": "http://seclists.org/fulldisclosure/2014/oct/128"
      },
      {
        "trust": 0.1,
        "url": "http://seclists.org/fulldisclosure/2014/oct/129"
      },
      {
        "trust": 0.1,
        "url": "http://seclists.org/fulldisclosure/2014/oct/130"
      },
      {
        "trust": 0.1,
        "url": "http://packetstormsecurity.com/files/128915/f5-big-ip-11.3.0.39.0-xml-external-entity-injection-1.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-6032/"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1031144"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1031145"
      },
      {
        "trust": 0.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98402"
      },
      {
        "trust": 0.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98403"
      },
      {
        "trust": 0.1,
        "url": "https://packetstormsecurity.com/files/128916/f5-big-ip-11.3.0.39.0-xml-external-entity-injection-2.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-73975"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-6033"
      },
      {
        "db": "BID",
        "id": "70838"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201411-021"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-73975"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-6033"
      },
      {
        "db": "BID",
        "id": "70838"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201411-021"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-6033"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-11-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-73975"
      },
      {
        "date": "2014-11-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-6033"
      },
      {
        "date": "2014-10-03T00:00:00",
        "db": "BID",
        "id": "70838"
      },
      {
        "date": "2014-10-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201411-021"
      },
      {
        "date": "2014-11-05T08:28:25.053000",
        "db": "NVD",
        "id": "CVE-2014-6033"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-09-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-73975"
      },
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-6033"
      },
      {
        "date": "2014-10-03T00:00:00",
        "db": "BID",
        "id": "70838"
      },
      {
        "date": "2022-10-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201411-021"
      },
      {
        "date": "2023-11-07T02:20:56.233000",
        "db": "NVD",
        "id": "CVE-2014-6033"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201411-021"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "F5 BIG-IP Code injection vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201411-021"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201411-021"
      }
    ],
    "trust": 0.6
  }
}

