CVE-2015-4040 F5 BIG-IP ASM Configuration Utility Directory Traversal Vulnerability (SOL17253)

The Configuration Utility implemented in vulnerable versions of F5 BIG-IP ASM fails to properly validate user-supplied input. A remote authenticated user can supply a specially crafted request to view files on the target system that are located within the web root directory.

Affected Versions:
BIG-IP ASM 11.0.0 - 11.6.0 BIG-IP ASM 10.1.0 - 10.2.4

Successful exploitation allows an authenticated, remote attacker to gain an unauthorized access to files located within the web root.

Customers are advised to refer to SOL17253 for updates pertaining to this vulnerability.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SOL17253