CVE-2015-4040
- EPSS 6.77%
- Published 17.09.2015 16:59:01
- Last modified 12.04.2025 10:46:40
- Source cve@mitre.org
Directory traversal vulnerability in the configuration utility in F5 BIG-IP before 12.0.0 and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to access arbitrary files in the web root via unspecified vectors.
Data is provided by the National Vulnerability Database (NVD)
F5 ≫ Enterprise Manager Version 3.0.0
F5 ≫ Enterprise Manager Version 3.1.0
F5 ≫ Enterprise Manager Version 3.1.1
F5 ≫ Big-ip Access Policy Manager Version <= 11.6.0
F5 ≫ Big-ip Advanced Firewall Manager Version <= 11.6.0
F5 ≫ Big-ip Analytics Version <= 11.6.0
F5 ≫ Big-ip Application Acceleration Manager Version <= 11.6.0
F5 ≫ Big-ip Application Security Manager Version <= 11.6.0
F5 ≫ Big-ip Edge Gateway Version <= 11.3.0
F5 ≫ Big-ip Global Traffic Manager Version <= 11.3.0
F5 ≫ Big-ip Link Controller Version <= 11.3.0
F5 ≫ Big-ip Local Traffic Manager Version <= 11.6.0
F5 ≫ Big-ip Policy Enforcement Manager Version <= 11.3.0
F5 ≫ Big-ip Protocol Security Module Version <= 11.3.0
F5 ≫ Big-ip Wan Optimization Manager Version <= 11.3.0
F5 ≫ Big-ip Webaccelerator Version <= 11.3.0
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 6.77% | 0.909 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 4 | 8 | 2.9 | AV:N/AC:L/Au:S/C:P/I:N/A:N |
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.