sol14154: SQL injection vulnerability from an authenticated source CVE-2012-3000
Security Advisory

Original Publication Date: 01/23/2013
Updated Date: 09/11/2013

Description

An SQL injection vulnerability exists in a BIG-IP component. This local vulnerability may allow an authenticated attacker to download arbitrary files from the file system.

Impact

An attacker may be able to exploit the vulnerability and retrieve arbitrary files or modify database contents.

F5 Product Development has assigned ID 400060 to this vulnerability. To find out whether F5 has determined that your release is vulnerable, and to obtain information about releases or hotfixes that resolve the vulnerability, refer to the following table:

| Product | Versions known to be vulnerable | Versions known to be not vulnerable | Vulnerable component or feature |
|---|---|---|---|
| BIG-IP LTM | 11.0.0 - 11.2.1 | 9.4.6 - 9.4.8, 10.0.1 - 10.2.4, 11.2.0 HF3, 11.2.1 HF3, 11.3.0 - 11.4.0 | APM WebGUI |
| BIG-IP GTM | 11.0.0 - 11.2.1 | 9.4.6 - 9.4.8, 10.0.1 - 10.2.4, 11.2.0 HF3, 11.2.1 HF3, 11.3.0 - 11.4.0 | APM WebGUI |
| BIG-IP ASM | 11.0.0 - 11.2.1 | 9.4.6 - 9.4.8, 10.0.1 - 10.2.4, 11.2.0 HF3, 11.2.1 HF3, 11.3.0 - 11.4.0 | APM WebGUI |
| BIG-IP Link Controller | 11.0.0 - 11.2.1 | 9.4.6 - 9.4.8, 10.0.1 - 10.2.4, 11.2.0 HF3, 11.2.1 HF3, 11.3.0 - 11.4.0 | APM WebGUI |
| BIG-IP WebAccelerator | 11.0.0 - 11.2.1 | 9.4.6 - 9.4.8, 10.0.1 - 10.2.4, 11.2.0 HF3, 11.2.1 HF3, 11.3.0 | AVR WebGUI |
| BIG-IP PSM | 11.0.0 - 11.2.1 | 9.4.6 - 9.4.8, 10.0.1 - 10.2.4, 11.2.0 HF3, 11.2.1 HF3, 11.3.0 - 11.4.0 | APM WebGUI |
| BIG-IP WOM | 11.0.0 - 11.2.1 | 10.0.1 - 10.2.4, 11.2.0 HF3, 11.2.1 HF3, 11.3.0 | AVR WebGUI |
| BIG-IP APM | 11.0.0 - 11.2.1 | 10.0.1 - 10.2.4, 11.2.0 HF3, 11.2.1 HF3, 11.3.0 - 11.4.0 | APM WebGUI |
| BIG-IP Edge Gateway | 11.0.0 - 11.2.1 | 10.0.1 - 10.2.4, 11.2.0 HF3, 11.2.1 HF3, 11.3.0 - 11.4.0 | APM WebGUI |
| BIG-IP Analytics | 11.0.0 - 11.2.1 | 11.2.0 HF3, 11.2.1 HF3, 11.3.0 - 11.4.0 | APM WebGUI |
| BIG-IP AFM | None | 11.3.0 - 11.4.0 | None |
| BIG-IP PEM | None | 11.3.0 - 11.4.0 | None |
| BIG-IP AAM | None | 11.4.0 | None |
| FirePass | None | 6.1.0, 7.0.0 | None |
| Enterprise Manager | None | 1.x, 2.x, 3.x | None |
| ARX | None | 4.x, 5.x, 6.x | None |

Recommended action

To eliminate this vulnerability, upgrade to a version that is listed in the Versions known to be not vulnerable column.

Supplemental Information

Acknowledgements

F5 would like to acknowledge SEC Consult Vulnerability Lab for bringing this issue to our attention, and for following the highest standards of responsible disclosure.
