CVE-2008-6474
Severity Score
9.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The management interface in F5 BIG-IP 9.4.3 allows remote authenticated users with Resource Manager privileges to inject arbitrary Perl code via unspecified configuration settings related to Perl EP3 with templates, probably triggering static code injection.
El interfaz de gestión en F5 BIG-IP v9.4.3 permite a usuarios remotos autenticados con privilegios de "Resource Manager" inyectar código Perl de su elección mediante parámetros de configuración no especificados relacionados a Perl EP3 con plantillas, provocando probablemente la inyección de código estático.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-03-16 CVE Reserved
- 2009-03-16 CVE Published
- 2023-05-04 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/51116 | Vdb Entry | |
| http://www.securityfocus.com/archive/1/490496/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/28639 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/49308 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|