Lucene search

[email protected]CVE-2016-3687

HistoryJun 16, 2016 - 6:59 p.m.

CVE-2016-3687

2016-06-1618:59:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2016-3687

f5 big-ip

apm

open redirect vulnerability

remote attackers

phishing attacks

sso

nvd

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

5.6 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

51.8%

JSON

Open redirect vulnerability in F5 BIG-IP APM 11.2.1, 11.4.x, 11.5.x, and 11.6.x before 11.6.0 HF6 and Edge Gateway 11.2.1, when using multi-domain single sign-on (SSO), allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in the SSO_ORIG_URI parameter.

CPENameOperatorVersion
f5:big-ip_access_policy_managerf5 big-ip access policy managereq11.5.2
f5:big-ip_access_policy_managerf5 big-ip access policy managereq11.5.0
f5:big-ip_access_policy_managerf5 big-ip access policy managereq11.5.1
f5:big-ip_access_policy_managerf5 big-ip access policy managereq11.2.1
f5:big-ip_access_policy_managerf5 big-ip access policy managereq11.5.3
f5:big-ip_access_policy_managerf5 big-ip access policy managereq11.4.0
f5:big-ip_access_policy_managerf5 big-ip access policy managereq11.5.4
f5:big-ip_access_policy_managerf5 big-ip access policy managereq11.6.0
f5:big-ip_access_policy_managerf5 big-ip access policy managereq11.4.1
f5:big-ip_edge_gatewayf5 big-ip edge gatewayeq11.2.1

CPE	Name	Operator	Version
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	eq	11.5.2
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	eq	11.5.0
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	eq	11.5.1
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	eq	11.2.1
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	eq	11.5.3
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	eq	11.4.0
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	eq	11.5.4
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	eq	11.6.0
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	eq	11.4.1
f5:big-ip_edge_gateway	f5 big-ip edge gateway	eq	11.2.1

References

www.securitytracker.com/id/1036111

support.f5.com/kb/en-us/solutions/public/k/26/sol26738102.html

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

5.6 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

51.8%

JSON

Related for CVE-2016-3687

f52 prion1 nessus1 myhack581