PT-2016-3848 · F5 · F5 Big-Ip Edge Gateway+8

Published: 2016-04-12 · Updated: 2016-11-28 · CVE-2015-8021

CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions

F5 BIG-IP LTM, Analytics, APM, ASM, GTM, Link Controller, and PSM versions 11.x through 11.2.1 before HF11, 11.3.x, 11.4.0 through 11.4.0 before HF8, and 11.4.1 through 11.4.1 before HF6
F5 BIG-IP AAM versions 11.4.0 through 11.4.0 before HF8, and 11.4.1 through 11.4.1 before HF6
F5 BIG-IP AFM and PEM versions 11.3.x, 11.4.0 through 11.4.0 before HF8, and 11.4.1 through 11.4.1 before HF6
F5 BIG-IP Edge Gateway, WebAccelerator, and WOM versions 11.x through 11.2.1 before HF11, and 11.3.0
Description

The uploadImage.php endpoint of the Configuration utility filters uploaded files with an incomplete blacklist. Because the blacklist does not cover every file type it should reject, remote authenticated users can upload files through this endpoint.
Recommendations

For F5 BIG-IP LTM, Analytics, APM, ASM, GTM, Link Controller, and PSM versions 11.x through 11.2.1 before HF11, 11.3.x, 11.4.0 through 11.4.0 before HF8, and 11.4.1 through 11.4.1 before HF6, update to a version that includes the fix, such as 11.2.1 HF11 or later, 11.4.0 HF8 or later, or 11.4.1 HF6 or later.

For F5 BIG-IP AAM versions 11.4.0 through 11.4.0 before HF8, and 11.4.1 through 11.4.1 before HF6, update to a version that includes the fix, such as 11.4.0 HF8 or later, or 11.4.1 HF6 or later.

For F5 BIG-IP AFM and PEM versions 11.3.x, 11.4.0 through 11.4.0 before HF8, and 11.4.1 through 11.4.1 before HF6, update to a version that includes the fix, such as 11.4.0 HF8 or later, or 11.4.1 HF6 or later.

For F5 BIG-IP Edge Gateway, WebAccelerator, and WOM versions 11.x through 11.2.1 before HF11, and 11.3.0, update to a version that includes the fix, such as 11.2.1 HF11 or later.

As a temporary workaround, consider restricting access to the uploadImage.php endpoint until a patch is available.

Weakness Enumeration

Improper Access Control

Related Identifiers

CVE-2015-8021

Affected Products

F5 Big-Ip Apm
F5 Big-Ip Analytics
F5 Big-Ip Edge Gateway
F5 Big-Ip Gtm
F5 Big-Ip Ltm
F5 Big-Ip Link Controller
F5 Big-Ip Pem
F5 Big-Ip Wom
F5 Big-Ip Webaccelerator