September 2015

View all on this date written articles further down below.
11 Sep 2015

F5 file path traversal – CVE 2015-4040

Earlier this year while pentesting a customer network, I identified a File Path traversal vulnerability in a F5 Big IP box. Chris Christian from F5 Security Response Team (SRT) reached out promptly and I shared the details with him. Chris confirmed yesterday that F5 has now released new version 12.0 that fixes this issue.

F5 has also published a Solution Article 17253 describing this path traversal vulnerability, affected devices / versions, impact, resolution & references, recently on Sep 9, 2015.


I have also posted a working exploit on Exploit-db and Packetstorm:

Read on.

Read more