CVE-2015-4040
published 2015-09-17CVE-2015-4040: Directory traversal vulnerability in the configuration utility in F5 BIG-IP before 12.0.0 and Enterprise Manager 3.0.0 through 3.1.1 allows remote…
medium4CVSS 3.1
AVNACLAuSCPINAN
EXPLOIT
Directory traversal vulnerability in the configuration utility in F5 BIG-IP before 12.0.0 and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to access arbitrary files in the web root via unspecified vectors.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| f5 | big-ip_access_policy_manager | <= 11.6.0 | — |
| f5 | big-ip_advanced_firewall_manager | <= 11.6.0 | — |
| f5 | big-ip_analytics | <= 11.6.0 | — |
| f5 | big-ip_application_acceleration_manager | <= 11.6.0 | — |
| f5 | big-ip_application_security_manager | <= 11.6.0 | — |
| f5 | big-ip_edge_gateway | <= 11.3.0 | — |
| f5 | big-ip_global_traffic_manager | <= 11.3.0 | — |
| f5 | big-ip_link_controller | <= 11.3.0 | — |
| f5 | big-ip_local_traffic_manager | <= 11.6.0 | — |
| f5 | big-ip_policy_enforcement_manager | <= 11.3.0 | — |
| f5 | big-ip_protocol_security_module | <= 11.3.0 | — |
| f5 | big-ip_wan_optimization_manager | <= 11.3.0 | — |
| f5 | big-ip_webaccelerator | <= 11.3.0 | — |
| f5 | enterprise_manager | — | — |
| f5 | enterprise_manager | — | — |
| f5 | enterprise_manager | — | — |