Invicti identified a Local File Inclusion vulnerability in Big-IP, which occurs when a file from the target system is injected into the attacked server page.
Invicti confirmed this issue by reading some files from the target web server.
The impact can vary, based on how the vulnerability is exploited and on the read permissions of the web server user. Depending on these factors, an attacker might carry out one or more of the following attacks:
File: "/etc/passwd"
An exploit for this vulnerability is widely known, so it should be addressed as soon as possible.
It is recommended that you upgrade to a fixed software version to fully mitigate this vulnerability.
If it is not possible to upgrade at this time, you can use the following temporary mitigation:

1. Log in to the TMOS Shell (tmsh):
   tmsh
2. Edit the httpd properties:
   edit /sys httpd all-properties
3. In the include section, add the following:
   include '
   <LocationMatch ";">
   Redirect 404 /
   </LocationMatch>
   '
4. Write and save the changes with the vi commands:
   Esc
   :wq!
5. Save the configuration:
   save /sys config
6. Restart the httpd service:
   restart sys service httpd
7. Exit tmsh:
   quit
8. Verify that the mitigation is present in the effective Apache configuration:
   grep -C1 'Redirect 404' /etc/httpd/conf/httpd.conf
   The expected output is:
   <LocationMatch ";">
   Redirect 404 /
   </LocationMatch>

If you have a high availability (HA) configuration, you may now perform a ConfigSync operation as documented in K14856: Performing a ConfigSync using tmsh.
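As an added check that is not part of the original report, the following Python audits an httpd.conf text for the mitigation block described above (an active <LocationMatch ";"> that redirects to 404), so the verification can be run across many collected configurations instead of eyeballing grep output; the sample configurations are constructed, and commented-out blocks are deliberately not counted.

```python
import re

# Constructed sample configurations (not taken from any real BIG-IP system).
MITIGATED_CONF = """
<VirtualHost *:443>
    DocumentRoot /usr/local/www
</VirtualHost>
<LocationMatch ";">
Redirect 404 /
</LocationMatch>
"""

# Same block, but commented out: this must NOT count as mitigated.
UNMITIGATED_CONF = """
<VirtualHost *:443>
    DocumentRoot /usr/local/www
</VirtualHost>
# <LocationMatch ";">
# Redirect 404 /
# </LocationMatch>
"""

# Matches a <LocationMatch "pattern"> ... </LocationMatch> block and captures
# the quoted pattern and the directives inside the block.
BLOCK_RE = re.compile(
    r'<LocationMatch\s+"([^"]*)"\s*>(.*?)</LocationMatch>',
    re.IGNORECASE | re.DOTALL,
)

# A Redirect directive returning 404 for everything under "/".
REDIRECT_404_RE = re.compile(r"^\s*Redirect\s+404\s+/\s*$", re.IGNORECASE | re.MULTILINE)


def strip_comments(conf: str) -> str:
    """Drop Apache comment lines so a commented-out block is not counted."""
    return "\n".join(line for line in conf.splitlines()
                     if not line.lstrip().startswith("#"))


def has_semicolon_mitigation(conf: str) -> bool:
    """Return True if an active <LocationMatch ";"> block redirects to 404."""
    for pattern, body in BLOCK_RE.findall(strip_comments(conf)):
        if pattern == ";" and REDIRECT_404_RE.search(body):
            return True
    return False


if __name__ == "__main__":
    print("mitigated:", has_semicolon_mitigation(MITIGATED_CONF))      # True
    print("unmitigated:", has_semicolon_mitigation(UNMITIGATED_CONF))  # False
```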