4
CVE-2015-4040
- EPSS 6.77%
- Published 17.09.2015 16:59:01
- Last modified 12.04.2025 10:46:40
- Source cve@mitre.org
Directory traversal vulnerability in the configuration utility in F5 BIG-IP before 12.0.0 and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to access arbitrary files in the web root via unspecified vectors.
Data is provided by the National Vulnerability Database (NVD)
F5 ≫ Enterprise Manager Version 3.0.0
F5 ≫ Enterprise Manager Version 3.1.0
F5 ≫ Enterprise Manager Version 3.1.1
F5 ≫ Big-ip Access Policy Manager Version <= 11.6.0
F5 ≫ Big-ip Advanced Firewall Manager Version <= 11.6.0
F5 ≫ Big-ip Analytics Version <= 11.6.0
F5 ≫ Big-ip Application Acceleration Manager Version <= 11.6.0
F5 ≫ Big-ip Application Security Manager Version <= 11.6.0
F5 ≫ Big-ip Edge Gateway Version <= 11.3.0
F5 ≫ Big-ip Global Traffic Manager Version <= 11.3.0
F5 ≫ Big-ip Link Controller Version <= 11.3.0
F5 ≫ Big-ip Local Traffic Manager Version <= 11.6.0
F5 ≫ Big-ip Policy Enforcement Manager Version <= 11.3.0
F5 ≫ Big-ip Protocol Security Module Version <= 11.3.0
F5 ≫ Big-ip Wan Optimization Manager Version <= 11.3.0
F5 ≫ Big-ip Webaccelerator Version <= 11.3.0
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 6.77% | 0.909 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 4 | 8 | 2.9 | AV:N/AC:L/Au:S/C:P/I:N/A:N |
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.