F5 Networks BIG-IP : perl-XML-Twig vulnerability (K08383757)
Medium Nessus Plugin ID 105467
Synopsis
The remote device is missing a vendor-supplied security patch.
Description
perl-XML-Twig: The `expand_external_ents` option, documented as controlling external entity expansion in XML::Twig, does not work.
External entities are always expanded, regardless of the option's setting. (CVE-2016-9180)
An authenticated user with a BIG-IP ASM administrative role, such as Policy Editor, may be able to craft an XML message which, when processed by the ASMConfig process using perl-XML-Twig, may cause a denial of service (DoS) or potentially an information disclosure.
Solution
Upgrade to one of the non-vulnerable versions listed in the F5 Solution K08383757.