The Configuration utility in F5 BIG-IP systems 11.0.x, 11.1.x, 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.0.0 before HF1 allows remote administrators to read Access Policy Manager (APM) access logs via unspecified vectors.
Credit:
The original article can be found at: http://www.securitytracker.com/id/1036631
Vulnerable Systems:
* F5 Big-ip Access Policy Manager 11.0.0
* F5 Big-ip Access Policy Manager 11.1.0
* F5 Big-ip Access Policy Manager 11.2.0
* F5 Big-ip Access Policy Manager 11.2.1
* F5 Big-ip Access Policy Manager 11.3.0
* F5 Big-ip Access Policy Manager 11.4.0
* F5 Big-ip Access Policy Manager 11.4.1
* F5 Big-ip Access Policy Manager 11.5.0
* F5 Big-ip Access Policy Manager 11.5.1
* F5 Big-ip Access Policy Manager 11.5.2
* F5 Big-ip Access Policy Manager 11.5.3
* F5 Big-ip Access Policy Manager 11.5.4
* F5 Big-ip Access Policy Manager 11.6.0
* F5 Big-ip Access Policy Manager 12.0.0
* F5 Big-ip Advanced Firewall Manager 11.2.1
* F5 Big-ip Advanced Firewall Manager 11.3.0
* F5 Big-ip Advanced Firewall Manager 11.4.0
* F5 Big-ip Advanced Firewall Manager 11.4.1
* F5 Big-ip Advanced Firewall Manager 11.5.0
* F5 Big-ip Advanced Firewall Manager 11.5.1
* F5 Big-ip Advanced Firewall Manager 11.5.2
* F5 Big-ip Advanced Firewall Manager 11.5.3
* F5 Big-ip Advanced Firewall Manager 11.5.4
* F5 Big-ip Advanced Firewall Manager 11.6.0
* F5 Big-ip Advanced Firewall Manager 12.0.0
* F5 Big-ip Analytics 11.0.0
* F5 Big-ip Analytics 11.1.0
* F5 Big-ip Analytics 11.2.0
* F5 Big-ip Analytics 11.2.1
* F5 Big-ip Analytics 11.3.0
* F5 Big-ip Analytics 11.4.0
* F5 Big-ip Analytics 11.4.1
* F5 Big-ip Analytics 11.5.0
* F5 Big-ip Analytics 11.5.1
* F5 Big-ip Analytics 11.5.2
* F5 Big-ip Analytics 11.5.3
* F5 Big-ip Analytics 11.5.4
* F5 Big-ip Analytics 11.6.0
* F5 Big-ip Analytics 12.0.0
* F5 Big-ip Application Acceleration Manager 11.4.0
* F5 Big-ip Application Acceleration Manager 11.4.1
* F5 Big-ip Application Acceleration Manager 11.5.0
* F5 Big-ip Application Acceleration Manager 11.5.1
* F5 Big-ip Application Acceleration Manager 11.5.2
* F5 Big-ip Application Acceleration Manager 11.5.3
* F5 Big-ip Application Acceleration Manager 11.5.4
* F5 Big-ip Application Acceleration Manager 11.6.0
* F5 Big-ip Application Acceleration Manager 12.0.0
* F5 Big-ip Application Security Manager 11.0.0
* F5 Big-ip Application Security Manager 11.1.0
* F5 Big-ip Application Security Manager 11.2.0
* F5 Big-ip Application Security Manager 11.2.1
* F5 Big-ip Application Security Manager 11.3.0
* F5 Big-ip Application Security Manager 11.4.0
* F5 Big-ip Application Security Manager 11.4.1
* F5 Big-ip Application Security Manager 11.5.0
* F5 Big-ip Application Security Manager 11.5.1
* F5 Big-ip Application Security Manager 11.5.2
* F5 Big-ip Application Security Manager 11.5.3
* F5 Big-ip Application Security Manager 11.5.4
* F5 Big-ip Application Security Manager 11.6.0
* F5 Big-ip Application Security Manager 12.0.0
* F5 Big-ip Domain Name System 12.0.0
* F5 Big-ip Edge Gateway 11.0.0
* F5 Big-ip Edge Gateway 11.1.0
* F5 Big-ip Edge Gateway 11.2.0
* F5 Big-ip Edge Gateway 11.2.1
* F5 Big-ip Edge Gateway 11.3.0
* F5 Big-ip Global Traffic Manager 11.0.0
* F5 Big-ip Global Traffic Manager 11.1.0
* F5 Big-ip Global Traffic Manager 11.2.0
* F5 Big-ip Global Traffic Manager 11.2.1
* F5 Big-ip Global Traffic Manager 11.3.0
* F5 Big-ip Global Traffic Manager 11.4.0
* F5 Big-ip Global Traffic Manager 11.4.1
* F5 Big-ip Global Traffic Manager 11.5.0
* F5 Big-ip Global Traffic Manager 11.5.1
* F5 Big-ip Global Traffic Manager 11.5.2
* F5 Big-ip Global Traffic Manager 11.5.3
* F5 Big-ip Global Traffic Manager 11.5.4
* F5 Big-ip Global Traffic Manager 11.6.0
* F5 Big-ip Link Controller 11.0.0
* F5 Big-ip Link Controller 11.1.0
* F5 Big-ip Link Controller 11.2.0
* F5 Big-ip Link Controller 11.2.1
* F5 Big-ip Link Controller 11.3.0
* F5 Big-ip Link Controller 11.4.0
* F5 Big-ip Link Controller 11.4.1
* F5 Big-ip Link Controller 11.5.0
* F5 Big-ip Link Controller 11.5.1
* F5 Big-ip Link Controller 11.5.2
* F5 Big-ip Link Controller 11.5.3
* F5 Big-ip Link Controller 11.5.4
* F5 Big-ip Link Controller 11.6.0
* F5 Big-ip Link Controller 12.0.0
* F5 Big-ip Local Traffic Manager 11.0.0
* F5 Big-ip Local Traffic Manager 11.1.0
* F5 Big-ip Local Traffic Manager 11.2.0
* F5 Big-ip Local Traffic Manager 11.2.1
* F5 Big-ip Local Traffic Manager 11.3.0
* F5 Big-ip Local Traffic Manager 11.4.0
* F5 Big-ip Local Traffic Manager 11.4.1
* F5 Big-ip Local Traffic Manager 11.5.0
* F5 Big-ip Local Traffic Manager 11.5.1
* F5 Big-ip Local Traffic Manager 11.5.2
* F5 Big-ip Local Traffic Manager 11.5.3
* F5 Big-ip Local Traffic Manager 11.5.4
* F5 Big-ip Local Traffic Manager 11.6.0
* F5 Big-ip Local Traffic Manager 12.0.0
* F5 Big-ip Policy Enforcement Manager 11.3.0
* F5 Big-ip Policy Enforcement Manager 11.4.0
* F5 Big-ip Policy Enforcement Manager 11.4.1
* F5 Big-ip Policy Enforcement Manager 11.5.0
* F5 Big-ip Policy Enforcement Manager 11.5.1
* F5 Big-ip Policy Enforcement Manager 11.5.2
* F5 Big-ip Policy Enforcement Manager 11.5.3
* F5 Big-ip Policy Enforcement Manager 11.5.4
* F5 Big-ip Policy Enforcement Manager 11.6.0
* F5 Big-ip Policy Enforcement Manager 12.0.0
* F5 Big-ip Protocol Security Manager 11.0.0
* F5 Big-ip Protocol Security Manager 11.1.0
* F5 Big-ip Protocol Security Manager 11.2.0
* F5 Big-ip Protocol Security Manager 11.2.1
* F5 Big-ip Protocol Security Manager 11.3.0
* F5 Big-ip Protocol Security Manager 11.4.0
* F5 Big-ip Protocol Security Manager 11.4.1
* F5 Big-ip Wan Optimization Manager 11.0.0
* F5 Big-ip Wan Optimization Manager 11.1.0
* F5 Big-ip Wan Optimization Manager 11.2.0
* F5 Big-ip Wan Optimization Manager 11.2.1
* F5 Big-ip Wan Optimization Manager 11.3.0
* F5 Big-ip Webaccelerator 11.0.0
* F5 Big-ip Webaccelerator 11.1.0
* F5 Big-ip Webaccelerator 11.2.0
* F5 Big-ip Webaccelerator 11.2.1
* F5 Big-ip Webaccelerator 11.3.0
A vulnerability in the BIG-IP Configuration utility can be used by an unauthorized BIG-IP administrative user to gain unauthorized access to the Access Policy Manager (APM) access logs. This vulnerability requires valid user account credentials and access to the Configuration utility. This flaw exists when APM is configured, and exposes session details within the access logs. If the BIG-IP APM system is not in use, the vulnerability still exists; however, there is no data stored in the log files in question when the BIG-IP APM system is not actively in use.
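For triage, the fixed-release boundaries stated in the summary can be applied to a device inventory. The sketch below is an added example, not part of the original advisory or of any F5 tooling; the "X.Y.Z HFn" input format, the host names and the sample inventory are constructed assumptions, and it checks version ranges only, not which modules are provisioned.

```python
import re

# First fixed release per branch, taken from the advisory summary above.
# None means the advisory names no fixed release for that branch.
FIXED = {
    (11, 0): None,
    (11, 1): None,
    (11, 2): ((11, 2, 1), 16),   # before 11.2.1 HF16
    (11, 3): None,
    (11, 4): ((11, 4, 1), 10),   # before 11.4.1 HF10
    (11, 5): ((11, 5, 4), 2),    # before 11.5.4 HF2
    (11, 6): ((11, 6, 1), 0),    # before 11.6.1
    (12, 0): ((12, 0, 0), 1),    # 12.0.0 before HF1
}

# Assumed input format: "11.5.4" or "11.5.4 HF2" (hotfix suffix optional).
VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(?:\s+HF(\d+))?\s*$", re.IGNORECASE)

def parse_version(text):
    """Return ((major, minor, patch), hotfix) for a version string."""
    m = VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    version = tuple(int(g) for g in m.group(1, 2, 3))
    return version, int(m.group(4) or 0)

def is_affected(text):
    """True if the version falls in a range the advisory lists as vulnerable."""
    version, hotfix = parse_version(text)
    branch = version[:2]
    if branch not in FIXED:
        return False              # branch not named in the advisory
    fixed = FIXED[branch]
    if fixed is None:
        return True               # whole branch listed, no fix named
    return (version, hotfix) < fixed

# Constructed sample inventory (host names and versions are illustrative).
INVENTORY = {
    "bigip-a.example": "11.5.4 HF1",
    "bigip-b.example": "11.5.4 HF2",
    "bigip-c.example": "11.3.0",
    "bigip-d.example": "12.0.0 HF1",
    "bigip-e.example": "11.6.0 HF8",
}

def affected_hosts(inventory):
    """Sorted host names whose version is in a vulnerable range."""
    return sorted(h for h, v in inventory.items() if is_affected(v))

if __name__ == "__main__":
    for host in affected_hosts(INVENTORY):
        print(host, INVENTORY[host])
```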
CVE Information:
CVE-2016-1497
Disclosure Timeline:
Publish Date : 2016-08-26
Last Update Date : 2016-08-26