sol14138: XML External Entity Injection (XXE) from authenticated source vulnerability CVE-2012-2997
Security Advisory

Original Publication Date: 01/21/2013
Updated Date: 07/01/2016

The vulnerability described in this article has been resolved, or does not affect any F5 products. There will be no further updates, unless new information is discovered.

Vulnerability Description

An XML External Entity Injection (XXE) vulnerability exists in a BIG-IP component. This vulnerability may allow a user who is logged in to the BIG-IP Configuration utility to download arbitrary files from the file system.
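The mechanism behind this class of bug, shown as an added example that is not F5's code and does not reproduce the BIG-IP component: a generic XML consumer built on Python's expat-backed SAX reader, parsed once with external general entity resolution enabled (the unsafe behaviour the advisory describes, where a DTD-declared SYSTEM entity is expanded into the document from a local file) and once with the default, which skips such entities. The secret file, its path and the XML document are all constructed inside the example; nothing here is taken from the affected product.

```python
# Added example (not F5's code): a generic XML consumer in two configurations.
# resolve_external_entities=True expands external general entities the way the
# advisory describes the vulnerable component behaving; False (Python's default
# since 3.7.1) refuses to fetch them. The secret file and the XML document are
# constructed here purely for the demonstration.
import io
import os
import tempfile
import xml.sax
from xml.sax.handler import feature_external_ges


class TextCollector(xml.sax.ContentHandler):
    """Collect character data, i.e. what an application would treat as the
    value carried by the submitted XML."""

    def __init__(self):
        super().__init__()
        self.chunks = []

    def characters(self, content):
        self.chunks.append(content)


def build_document(entity_path):
    """Constructed XML document whose internal DTD subset declares an external
    general entity pointing at a local file and references it in an element."""
    return (
        '<?xml version="1.0"?>\n'
        '<!DOCTYPE config [\n'
        f'  <!ENTITY ext SYSTEM "{entity_path}">\n'
        ']>\n'
        '<config><name>&ext;</name></config>\n'
    ).encode("utf-8")


def parse_collect(xml_bytes, resolve_external_entities=False):
    """Parse xml_bytes and return the collected character data.

    With resolve_external_entities=True the reader opens the SYSTEM identifier
    and splices the file contents into the document (the XXE condition).
    With False the entity reference is skipped, so no file is read.
    """
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, resolve_external_entities)
    handler = TextCollector()
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(xml_bytes))
    return "".join(handler.chunks).strip()


def demonstrate():
    """Return (text seen by the resolving parser, text seen by the safe parser)."""
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed stand-in for a sensitive file on the appliance; written
        # without a trailing newline so the expanded entity is exactly the value.
        secret_path = os.path.join(tmp, "constructed-secret.txt")
        with open(secret_path, "w", encoding="utf-8") as fh:
            fh.write("CONSTRUCTED-SECRET-VALUE")
        doc = build_document(secret_path)
        leaked = parse_collect(doc, resolve_external_entities=True)
        safe = parse_collect(doc, resolve_external_entities=False)
    return leaked, safe


if __name__ == "__main__":
    leaked, safe = demonstrate()
    print("resolving parser returned:", repr(leaked))  # the file contents
    print("hardened parser returned: ", repr(safe))    # empty string
```

The defensive point is the second call: a parser that never resolves external entities (or, equivalently, one configured to reject any DOCTYPE) cannot be made to read the file system regardless of what the authenticated user submits, which is the property the fixed BIG-IP releases restore. When auditing a code base, the thing to look for is any XML parser feature that turns entity resolution on, such as the `feature_external_ges` flag above or its equivalent in other libraries.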

Impact

An attacker may be able to exploit the vulnerability and retrieve arbitrary files, perform Denial of Service attacks, execute system level commands, or compromise the password table.

Security Issue Status

F5 Product Development has assigned ID 397358 to this vulnerability. To find out whether F5 has determined if your release is vulnerable, and to obtain information about releases or hotfixes that resolve the vulnerability, refer to the following table:

Product | Versions known to be vulnerable | Versions known to be not vulnerable | Vulnerable component or feature
--- | --- | --- | ---
BIG-IP LTM | 10.0.0 - 10.2.4, 11.0.0 - 11.2.1 | 9.x, 10.2.4 HF5, 11.1.0 HF6, 11.2.0 HF3, 11.2.1 HF3, 11.3.0 - 11.4.0 | BIG-IP Configuration utility
BIG-IP GTM | 10.0.0 - 10.2.4, 11.0.0 - 11.2.1 | 9.x, 10.2.4 HF5, 11.1.0 HF6, 11.2.0 HF3, 11.2.1 HF3, 11.3.0 - 11.4.0 | BIG-IP Configuration utility
BIG-IP ASM | 10.0.0 - 10.2.4, 11.0.0 - 11.2.1 | 9.x, 10.2.4 HF5, 11.1.0 HF6, 11.2.0 HF3, 11.2.1 HF3, 11.3.0 - 11.4.0 | BIG-IP Configuration utility
BIG-IP Link Controller | 10.0.0 - 10.2.4, 11.0.0 - 11.2.1 | 9.x, 10.2.4 HF5, 11.1.0 HF6, 11.2.0 HF3, 11.2.1 HF3, 11.3.0 - 11.4.0 | BIG-IP Configuration utility
BIG-IP WebAccelerator | 10.0.0 - 10.2.4, 11.0.0 - 11.2.1 | 9.x, 10.2.4 HF5, 11.1.0 HF6, 11.2.0 HF3, 11.2.1 HF3, 11.3.0 - 11.4.0 | BIG-IP Configuration utility
BIG-IP PSM | 10.0.0 - 10.2.4, 11.0.0 - 11.2.1 | 9.x, 10.2.4 HF5, 11.1.0 HF6, 11.2.0 HF3, 11.2.1 HF3, 11.3.0 - 11.4.0 | BIG-IP Configuration utility
BIG-IP WOM | 10.0.0 - 10.2.4, 11.0.0 - 11.2.1 | 10.2.4 HF5, 11.1.0 HF6, 11.2.0 HF3, 11.2.1 HF3, 11.3.0 - 11.4.0 | BIG-IP Configuration utility
BIG-IP APM | 10.0.0 - 10.2.4, 11.0.0 - 11.2.1 | 10.2.4 HF5, 11.1.0 HF6, 11.2.0 HF3, 11.2.1 HF3, 11.3.0 - 11.4.0 | BIG-IP Configuration utility
BIG-IP Edge Gateway | 10.0.0 - 10.2.4, 11.0.0 - 11.2.1 | 10.2.4 HF5, 11.1.0 HF6, 11.2.0 HF3, 11.2.1 HF3, 11.3.0 - 11.4.0 | BIG-IP Configuration utility
BIG-IP Analytics | 11.0.0 - 11.2.1 | 11.1.0 HF6, 11.2.0 HF3, 11.2.1 HF3, 11.3.0 - 11.4.0 | BIG-IP Configuration utility
BIG-IP AFM | None | 11.3.0 - 11.4.0 | None
BIG-IP PEM | None | 11.3.0 - 11.4.0 | None
BIG-IP AAM | None | 11.4.0 | None
FirePass | None | 6.1.0, 7.0.0 | None
Enterprise Manager | None | 1.x, 2.x, 3.x | None
ARX | None | 4.x, 5.x, 6.x | None

Vulnerability Recommended Actions

To eliminate this vulnerability, upgrade to a version that is listed in the "Versions known to be not vulnerable" column of the table above.

Acknowledgements

F5 would like to acknowledge SEC Consult Vulnerability Lab for bringing this issue to our attention, and for following the highest standards of responsible disclosure.

Supplemental Information
