Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.3
CVSSv3

CVE-2017-6145

Published: 20/10/2017 Updated: 15/11/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 7.3 | Impact Score: 3.4 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Big-ip Application Security Manager

Vulnerability Summary

iControl REST in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.0.0 up to and including 12.1.2 and 13.0.0 includes a service to convert authorization BIGIPAuthCookie cookies to X-F5-Auth-Token tokens. This service does not properly re-validate cookies when making that conversion, allowing once-valid but now expired cookies to be converted to valid tokens.

Vulnerable Product Search on Vulmon Subscribe to Product

f5 big-ip application security manager 13.0.0

f5 big-ip local traffic manager 13.0.0

f5 big-ip policy enforcement manager 13.0.0

f5 big-ip application acceleration manager 13.0.0

f5 big-ip link controller 13.0.0

f5 big-ip domain name system 13.0.0

f5 big-ip analytics 12.1.2

f5 big-ip link controller 12.1.1

f5 big-ip policy enforcement manager 12.1.2

f5 big-ip local traffic manager 12.1.1

f5 big-ip application acceleration manager 12.1.0

f5 big-ip application acceleration manager 12.1.2

f5 big-ip websafe 13.0.0

f5 big-ip websafe 12.1.0

f5 big-ip websafe 12.1.1

f5 big-ip websafe 12.1.2

f5 big-ip policy enforcement manager 12.1.0

f5 big-ip advanced firewall manager 12.1.1

f5 big-ip advanced firewall manager 12.1.2

f5 big-ip access policy manager 12.1.2

f5 big-ip access policy manager 12.1.1

f5 big-ip access policy manager 12.1.0

f5 big-ip domain name system 12.1.0

f5 big-ip domain name system 12.1.1

f5 big-ip domain name system 12.1.2

f5 big-ip analytics 12.1.0

f5 big-ip local traffic manager 12.1.2

f5 big-ip application security manager 12.1.0

f5 big-ip application security manager 12.1.1

f5 big-ip application security manager 12.1.2

f5 big-ip advanced firewall manager 13.0.0

f5 big-ip analytics 13.0.0

f5 big-ip access policy manager 13.0.0

f5 big-ip analytics 12.1.1

f5 big-ip link controller 12.1.0

f5 big-ip link controller 12.1.2

f5 big-ip policy enforcement manager 12.1.1

f5 big-ip local traffic manager 12.1.0

f5 big-ip application acceleration manager 12.1.1

f5 big-ip advanced firewall manager 12.1.0

References

CWE-613https://support.f5.com/csp/article/K22317030https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionSSRFbuffer overflowCVE-2023-28952CVE-2023-41822CVE-2024-27956CVE-2023-7028CVE-2024-34447CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook