Posted by Portcullis Advisories on Oct 30
Vulnerability title: XML External Entity Injection in F5 Networks Big-IP
CVE: CVE-2014-6033
Vendor: F5 Networks
Product: Big-IP
Affected version: 11.3.0.39.0
Fixed version: N/A
Reported by: Oliver Gruskovnjak
Details:
F5 Networks Big-IP is vulnerable to an XML External Entity injection attack. The following xml payload was used to
trigger the XXE (The vulnerable URL is redacted due to the number of affected systems):…