In F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.1, 11.5.1-11.5.5, or 11.2.1 the Apache modules apache_auth_token_mod and mod_auth_f5_auth_token.cpp allow possible unauthenticated bruteforce on the em_server_ip authorization parameter to obtain which SSL client certificates used for mutual authentication between BIG-IQ or Enterprise Manager (EM) and managed BIG-IP devices.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
f5 big-ip local traffic manager 11.2.1 |
||
f5 big-ip local traffic manager 13.0.0 |
||
f5 big-ip local traffic manager 11.6.1 |
||
f5 big-ip local traffic manager |
||
f5 big-ip application acceleration manager 11.6.1 |
||
f5 big-ip application acceleration manager |
||
f5 big-ip application acceleration manager 11.2.1 |
||
f5 big-ip application acceleration manager 13.0.0 |
||
f5 big-ip advanced firewall manager |
||
f5 big-ip advanced firewall manager 11.2.1 |
||
f5 big-ip advanced firewall manager 13.0.0 |
||
f5 big-ip advanced firewall manager 11.6.1 |
||
f5 big-ip analytics 11.6.1 |
||
f5 big-ip analytics 11.2.1 |
||
f5 big-ip analytics 13.0.0 |
||
f5 big-ip analytics |
||
f5 big-ip access policy manager |
||
f5 big-ip access policy manager 11.6.1 |
||
f5 big-ip access policy manager 11.2.1 |
||
f5 big-ip access policy manager 13.0.0 |
||
f5 big-ip application security manager |
||
f5 big-ip application security manager 11.2.1 |
||
f5 big-ip application security manager 13.0.0 |
||
f5 big-ip application security manager 11.6.1 |
||
f5 big-ip edge gateway 11.6.1 |
||
f5 big-ip edge gateway 11.2.1 |
||
f5 big-ip edge gateway |
||
f5 big-ip edge gateway 13.0.0 |
||
f5 big-ip global traffic manager |
||
f5 big-ip global traffic manager 11.6.1 |
||
f5 big-ip global traffic manager 11.2.1 |
||
f5 big-ip global traffic manager 13.0.0 |
||
f5 big-ip link controller 13.0.0 |
||
f5 big-ip link controller 11.6.1 |
||
f5 big-ip link controller |
||
f5 big-ip link controller 11.2.1 |
||
f5 big-ip policy enforcement manager 11.6.1 |
||
f5 big-ip policy enforcement manager 11.2.1 |
||
f5 big-ip policy enforcement manager |
||
f5 big-ip policy enforcement manager 13.0.0 |
||
f5 big-ip webaccelerator |
||
f5 big-ip webaccelerator 13.0.0 |
||
f5 big-ip webaccelerator 11.6.1 |
||
f5 big-ip webaccelerator 11.2.1 |
||
f5 big-ip websafe 13.0.0 |
||
f5 big-ip websafe 11.6.1 |
||
f5 big-ip websafe |
||
f5 big-ip websafe 11.2.1 |
||
f5 big-ip domain name system 11.6.1 |
||
f5 big-ip domain name system |
||
f5 big-ip domain name system 11.2.1 |
||
f5 big-ip domain name system 13.0.0 |
Vulmon