CVE-2015-8021

Incomplete blacklist vulnerability in the Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, Link Controller, and PSM 11.x before 11.2.1 HF11, 11.3.x, 11.4.0 before HF8, and 11.4.1 before HF6; BIG-IP AAM 11.4.0 before HF8 and 11.4.1 before HF6; BIG-IP AFM and PEM 11.3.x, 11.4.0 before HF8, and 11.4.1 before HF6; and BIG-IP Edge Gateway, WebAccelerator, and WOM 11.x before 11.2.1 HF11 and 11.3.0 allows remote authenticated users to upload files via uploadImage.php.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:f5:big-ip_access_policy_manager:11.0.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_access_policy_manager:11.1.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_access_policy_manager:11.2.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_access_policy_manager:11.2.1:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_access_policy_manager:11.3.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_access_policy_manager:11.4.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_access_policy_manager:11.4.1:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.3.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.4.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.4.1:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_analytics:11.0.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_analytics:11.1.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_analytics:11.2.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_analytics:11.2.1:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_analytics:11.3.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_analytics:11.4.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_analytics:11.4.1:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.4.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.4.1:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_security_manager:11.0.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_security_manager:11.1.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_security_manager:11.2.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_security_manager:11.2.1:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_security_manager:11.3.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_security_manager:11.4.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_security_manager:11.4.1:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_edge_gateway:11.0.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_edge_gateway:11.1.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_edge_gateway:11.2.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_edge_gateway:11.2.1:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_edge_gateway:11.3.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_global_traffic_manager:11.0.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_global_traffic_manager:11.1.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_global_traffic_manager:11.2.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_global_traffic_manager:11.2.1:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_global_traffic_manager:11.3.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_global_traffic_manager:11.4.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_link_controller:11.0.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_link_controller:11.1.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_link_controller:11.2.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_link_controller:11.2.1:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_link_controller:11.3.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_link_controller:11.4.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_link_controller:11.4.1:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_local_traffic_manager:11.0.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_local_traffic_manager:11.1.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_local_traffic_manager:11.2.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_local_traffic_manager:11.2.1:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_local_traffic_manager:11.3.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_local_traffic_manager:11.4.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_local_traffic_manager:11.4.1:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.3.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.4.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.4.1:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_protocol_security_module:11.0.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_protocol_security_module:11.1.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_protocol_security_module:11.2.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_protocol_security_module:11.2.1:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_protocol_security_module:11.3.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_protocol_security_module:11.4.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_protocol_security_module:11.4.1:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_wan_optimization_manager:11.0.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_wan_optimization_manager:11.1.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_wan_optimization_manager:11.2.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_wan_optimization_manager:11.2.1:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_wan_optimization_manager:11.3.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_webaccelerator:11.0.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_webaccelerator:11.1.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_webaccelerator:11.2.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_webaccelerator:11.2.1:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_webaccelerator:11.3.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2016-04-12 14:59

Updated : 2024-02-28 15:21


NVD link : CVE-2015-8021

Mitre link : CVE-2015-8021

CVE.ORG link : CVE-2015-8021


JSON object : View

Products Affected

f5

  • big-ip_analytics
  • big-ip_link_controller
  • big-ip_access_policy_manager
  • big-ip_global_traffic_manager
  • big-ip_edge_gateway
  • big-ip_advanced_firewall_manager
  • big-ip_local_traffic_manager
  • big-ip_policy_enforcement_manager
  • big-ip_protocol_security_module
  • big-ip_wan_optimization_manager
  • big-ip_application_security_manager
  • big-ip_application_acceleration_manager
  • big-ip_webaccelerator
CWE
CWE-284

Improper Access Control