The Single Sign-On (SSO) feature in F5 BIG-IP APM 11.x prior to 11.6.0 HF6 and BIG-IP Edge Gateway 11.0.0 up to and including 11.3.0 might allow remote malicious users to obtain sensitive SessionId information by leveraging access to the Location HTTP header in a redirect.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
f5 big-ip edge gateway 11.3.0 |
||
f5 big-ip edge gateway 11.2.1 |
||
f5 big-ip edge gateway 11.2.0 |
||
f5 big-ip edge gateway 11.1.0 |
||
f5 big-ip edge gateway 11.0.0 |
||
f5 big-ip access policy manager 11.5.4 |
||
f5 big-ip access policy manager 11.5.3 |
||
f5 big-ip access policy manager 11.4.0 |
||
f5 big-ip access policy manager 11.2.1 |
||
f5 big-ip access policy manager 11.6.0 |
||
f5 big-ip access policy manager 11.3.0 |
||
f5 big-ip access policy manager 11.2.0 |
||
f5 big-ip access policy manager 11.1.0 |
||
f5 big-ip access policy manager 11.0.0 |
||
f5 big-ip access policy manager 11.5.2 |
||
f5 big-ip access policy manager 11.5.1 |
||
f5 big-ip access policy manager 11.5.0 |
||
f5 big-ip access policy manager 11.4.1 |