Lucene search

[email protected]CVE-2016-6249

HistoryFeb 20, 2017 - 3:59 p.m.

CVE-2016-6249

2017-02-2015:59:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2016-6249

f5 big-ip

rest requests

user account authentication

sensitive information

plaintext

local users

5.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

5.4 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON

F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log. It may allow local users to obtain sensitive information by reading these files.

Affected configurations

NVD

Node

f5big-ip_access_policy_managerMatch11.5.0

f5big-ip_access_policy_managerMatch11.5.1

f5big-ip_access_policy_managerMatch11.5.2

f5big-ip_access_policy_managerMatch11.5.3

f5big-ip_access_policy_managerMatch11.5.4

f5big-ip_access_policy_managerMatch11.6.0

f5big-ip_access_policy_managerMatch11.6.1

f5big-ip_access_policy_managerMatch12.0.0

f5big-ip_advanced_firewall_managerMatch11.5.0

f5big-ip_advanced_firewall_managerMatch11.5.1

f5big-ip_advanced_firewall_managerMatch11.5.2

f5big-ip_advanced_firewall_managerMatch11.5.3

f5big-ip_advanced_firewall_managerMatch11.5.4

f5big-ip_advanced_firewall_managerMatch11.6.0

f5big-ip_advanced_firewall_managerMatch11.6.1

f5big-ip_advanced_firewall_managerMatch12.0.0

f5big-ip_analyticsMatch11.5.0

f5big-ip_analyticsMatch11.5.1

f5big-ip_analyticsMatch11.5.2

f5big-ip_analyticsMatch11.5.3

f5big-ip_analyticsMatch11.5.4

f5big-ip_analyticsMatch11.6.0

f5big-ip_analyticsMatch11.6.1

f5big-ip_analyticsMatch12.0.0

f5big-ip_application_acceleration_managerMatch11.5.0

f5big-ip_application_acceleration_managerMatch11.5.1

f5big-ip_application_acceleration_managerMatch11.5.2

f5big-ip_application_acceleration_managerMatch11.5.3

f5big-ip_application_acceleration_managerMatch11.5.4

f5big-ip_application_acceleration_managerMatch11.6.0

f5big-ip_application_acceleration_managerMatch11.6.1

f5big-ip_application_acceleration_managerMatch12.0.0

f5big-ip_application_security_managerMatch11.5.0

f5big-ip_application_security_managerMatch11.5.1

f5big-ip_application_security_managerMatch11.5.2

f5big-ip_application_security_managerMatch11.5.3

f5big-ip_application_security_managerMatch11.5.4

f5big-ip_application_security_managerMatch11.6.0

f5big-ip_application_security_managerMatch11.6.1

f5big-ip_application_security_managerMatch12.0.0

f5big-ip_domain_name_systemMatch12.0.0

f5big-ip_global_traffic_managerMatch11.5.0

f5big-ip_global_traffic_managerMatch11.5.1

f5big-ip_global_traffic_managerMatch11.5.2

f5big-ip_global_traffic_managerMatch11.5.3

f5big-ip_global_traffic_managerMatch11.5.4

f5big-ip_global_traffic_managerMatch11.6.0

f5big-ip_global_traffic_managerMatch11.6.1

f5big-ip_link_controllerMatch11.5.0

f5big-ip_link_controllerMatch11.5.1

f5big-ip_link_controllerMatch11.5.2

f5big-ip_link_controllerMatch11.5.3

f5big-ip_link_controllerMatch11.5.4

f5big-ip_link_controllerMatch11.6.0

f5big-ip_link_controllerMatch11.6.1

f5big-ip_link_controllerMatch12.0.0

f5big-ip_local_traffic_managerMatch11.5.0

f5big-ip_local_traffic_managerMatch11.5.1

f5big-ip_local_traffic_managerMatch11.5.2

f5big-ip_local_traffic_managerMatch11.5.3

f5big-ip_local_traffic_managerMatch11.5.4

f5big-ip_local_traffic_managerMatch11.6.0

f5big-ip_local_traffic_managerMatch11.6.1

f5big-ip_local_traffic_managerMatch12.0.0

f5big-ip_policy_enforcement_managerMatch11.5.0

f5big-ip_policy_enforcement_managerMatch11.5.1

f5big-ip_policy_enforcement_managerMatch11.5.2

f5big-ip_policy_enforcement_managerMatch11.5.3

f5big-ip_policy_enforcement_managerMatch11.5.4

f5big-ip_policy_enforcement_managerMatch11.6.0

f5big-ip_policy_enforcement_managerMatch11.6.1

f5big-ip_policy_enforcement_managerMatch12.0.0

f5big-ip_websafeMatch11.5.0

f5big-ip_websafeMatch11.5.1

f5big-ip_websafeMatch11.5.2

f5big-ip_websafeMatch11.5.3

f5big-ip_websafeMatch11.5.4

f5big-ip_websafeMatch11.6.0

f5big-ip_websafeMatch11.6.1

f5big-ip_websafeMatch12.0.0

CPENameOperatorVersion
f5:big-ip_access_policy_managerf5 big-ip access policy managereq11.5.0
f5:big-ip_access_policy_managerf5 big-ip access policy managereq11.5.1
f5:big-ip_access_policy_managerf5 big-ip access policy managereq11.5.2
f5:big-ip_access_policy_managerf5 big-ip access policy managereq11.5.3
f5:big-ip_access_policy_managerf5 big-ip access policy managereq11.5.4
f5:big-ip_access_policy_managerf5 big-ip access policy managereq11.6.0
f5:big-ip_access_policy_managerf5 big-ip access policy managereq11.6.1
f5:big-ip_access_policy_managerf5 big-ip access policy managereq12.0.0
f5:big-ip_advanced_firewall_managerf5 big-ip advanced firewall managereq11.5.0
f5:big-ip_advanced_firewall_managerf5 big-ip advanced firewall managereq11.5.1

CPE	Name	Operator	Version
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	eq	11.5.0
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	eq	11.5.1
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	eq	11.5.2
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	eq	11.5.3
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	eq	11.5.4
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	eq	11.6.0
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	eq	11.6.1
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	eq	12.0.0
f5:big-ip_advanced_firewall_manager	f5 big-ip advanced firewall manager	eq	11.5.0
f5:big-ip_advanced_firewall_manager	f5 big-ip advanced firewall manager	eq	11.5.1

Rows per page:

1-10 of 801

CNA Affected

[
  {
    "product": "F5 BIG-IP, REST Framework Logging",
    "vendor": "F5 Networks",
    "versions": [
      {
        "status": "affected",
        "version": "BIG-IP 12.0.0, BIG-IP 11.5.0 - 11.6.1"
      }
    ]
  }
]

References

www.securitytracker.com/id/1037873

support.f5.com/csp/article/K12685114

5.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

5.4 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2016-6249

f51 prion1 nessus1 cvelist1 nvd1 openvas1