F5 Networks BIG-IP : Expat XML parser vulnerability (K65460334)
Medium Nessus Plugin ID 100112
Synopsis
The remote device is missing a vendor-supplied security patch.
Description
Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function. (CVE-2012-6702)
An attacker may be able to defeat cryptographic protection mechanisms using the srand function.
This vulnerability exists for iControl Simple Object Access Protocol (SOAP) in the rare instance when a client uses the Expat parser provided in the iControl library and, within the same process, calls srand() to generate cryptographic values.
Solution
Upgrade to one of the non-vulnerable versions listed in the F5 Solution K65460334.