Severity: High
Invicti identified a Local File Inclusion vulnerability in BIG-IP. Local File Inclusion occurs when a file from the target system is included in a page served by the attacked server.
Invicti confirmed this issue by reading files from the target web server, such as the "/etc/passwd" file.
Exploits for this vulnerability are widely known, so it should be addressed as soon as possible.
It is recommended that you upgrade to a fixed software version to fully mitigate this vulnerability.
If it is not possible to upgrade at this time, you can use the following sections as temporary mitigations:
Log in to the Traffic Management Shell (tmsh):
tmsh
Open the httpd properties for editing:
edit /sys httpd all-properties
Add the following include stanza in the editor:
include '
<LocationMatch ";">
Redirect 404 /
</LocationMatch>
'
Write and save the change using the vi commands Esc, then :wq!
Save the BIG-IP configuration:
save /sys config
Restart the httpd service:
restart sys service httpd
Exit tmsh:
quit
Verify that the mitigation is present in the httpd configuration:
grep -C1 'Redirect 404' /etc/httpd/conf/httpd.conf
The command should print the block you added:
<LocationMatch ";">
Redirect 404 /
</LocationMatch>
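The grep above only confirms that the string 'Redirect 404' exists somewhere in httpd.conf. The following added example (not code from the Invicti advisory or from F5) is a stricter check that the "Redirect 404 /" line actually sits inside a LocationMatch block whose pattern is exactly ";", run here against two constructed sample configurations rather than a real BIG-IP file.

```shell
#!/bin/sh
# Return 0 when httpd.conf ($1) contains the temporary mitigation block,
# i.e. "Redirect 404 /" inside <LocationMatch ";"> ... </LocationMatch>; else 1.
mitigation_present() {
    awk '
        # Only a LocationMatch whose pattern is exactly ";" opens the block
        /^[[:space:]]*<LocationMatch[[:space:]]+";"[[:space:]]*>/ { inblock = 1; next }
        /^[[:space:]]*<\/LocationMatch>/                          { inblock = 0; next }
        inblock && /^[[:space:]]*Redirect[[:space:]]+404[[:space:]]+\/[[:space:]]*$/ { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Constructed sample (not a real BIG-IP file): mitigation applied as in the advisory
GOOD_CONF=$(mktemp)
cat > "$GOOD_CONF" <<'EOF'
ServerRoot "/etc/httpd"
<LocationMatch ";">
Redirect 404 /
</LocationMatch>
EOF

# Constructed sample: a stray Redirect outside any LocationMatch block.
# grep -C1 'Redirect 404' would still match here, but the mitigation is not in place.
BAD_CONF=$(mktemp)
cat > "$BAD_CONF" <<'EOF'
ServerRoot "/etc/httpd"
Redirect 404 /
EOF

# Print a human-readable verdict for one configuration file
report() {
    if mitigation_present "$1"; then
        echo "$1: mitigation present"
    else
        echo "$1: mitigation MISSING"
    fi
}

report "$GOOD_CONF"
report "$BAD_CONF"
```

On a BIG-IP the function would be run against /etc/httpd/conf/httpd.conf instead of the constructed samples.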
If you have a high availability (HA) configuration, you may now perform a ConfigSync operation as documented in K14856: Performing a ConfigSync using tmsh.