CVE-2008-6474 - Vulnerability Details - OpenCVE

The management interface in F5 BIG-IP 9.4.3 allows remote authenticated users with Resource Manager privileges to inject arbitrary Perl code via unspecified configuration settings related to Perl EP3 with templates, probably triggering static code injection.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
F5	Tmos

Configuration 1 [-]

cpe:2.3:o:f5:tmos:9.4.3:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://osvdb.org/51116
http://www.securityfocus.com/archive/1/490496/100/0/threaded
http://www.securityfocus.com/bid/28639
https://exchange.xforce.ibmcloud.com/vulnerabilities/49308

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-03-16T16:00:00

Updated: 2024-08-07T11:34:45.925Z

Reserved: 2009-03-16T00:00:00

Link: CVE-2008-6474

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-03-16T16:30:00.313

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-6474

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-04-05T00:00:00", "descriptions": [{"lang": "en", "value": "The management interface in F5 BIG-IP 9.4.3 allows remote authenticated users with Resource Manager privileges to inject arbitrary Perl code via unspecified configuration settings related to Perl EP3 with templates, probably triggering static code injection."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "51116", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/51116"}, {"name": "28639", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28639"}, {"name": "20080405 F5 BIG-IP Management Interface Perl Injection", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/490496/100/0/threaded"}, {"name": "f5bigip-interface-code-execution(49308)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49308"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-6474", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The management interface in F5 BIG-IP 9.4.3 allows remote authenticated users with Resource Manager privileges to inject arbitrary Perl code via unspecified configuration settings related to Perl EP3 with templates, probably triggering static code injection."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "51116", "refsource": "OSVDB", "url": "http://osvdb.org/51116"}, {"name": "28639", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28639"}, {"name": "20080405 F5 BIG-IP Management Interface Perl Injection", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/490496/100/0/threaded"}, {"name": "f5bigip-interface-code-execution(49308)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49308"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T11:34:45.925Z"}, "title": "CVE Program Container", "references": [{"name": "51116", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/51116"}, {"name": "28639", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/28639"}, {"name": "20080405 F5 BIG-IP Management Interface Perl Injection", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/490496/100/0/threaded"}, {"name": "f5bigip-interface-code-execution(49308)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49308"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-6474", "datePublished": "2009-03-16T16:00:00", "dateReserved": "2009-03-16T00:00:00", "dateUpdated": "2024-08-07T11:34:45.925Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:f5:tmos:9.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "238F0964-D138-4673-9747-C73E8D84E367", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The management interface in F5 BIG-IP 9.4.3 allows remote authenticated users with Resource Manager privileges to inject arbitrary Perl code via unspecified configuration settings related to Perl EP3 with templates, probably triggering static code injection."}, {"lang": "es", "value": "El interfaz de gesti\u00f3n en F5 BIG-IP v9.4.3 permite a usuarios remotos autenticados con privilegios de \"Resource Manager\" inyectar c\u00f3digo Perl de su elecci\u00f3n mediante par\u00e1metros de configuraci\u00f3n no especificados relacionados a Perl EP3 con plantillas, provocando probablemente la inyecci\u00f3n de c\u00f3digo est\u00e1tico."}], "id": "CVE-2008-6474", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-03-16T16:30:00.313", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/51116"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/490496/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28639"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49308"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/51116"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/490496/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28639"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49308"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}