Lucene search
F5CVELIST:CVE-2017-6145HistoryJul 12, 2017 - 12:00 a.m.
CVE-2017-6145
2017-07-1200:00:00
f5
www.cve.org
0.001 Low
EPSS
Percentile
43.2%
iControl REST in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.0.0 through 12.1.2 and 13.0.0 includes a service to convert authorization BIGIPAuthCookie cookies to X-F5-Auth-Token tokens. This service does not properly re-validate cookies when making that conversion, allowing once-valid but now expired cookies to be converted to valid tokens.
CNA Affected
[
{
"product": "F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, WebSafe",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "12.0.0 through 12.1.2"
},
{
"status": "affected",
"version": "13.0.0"
}
]
}
]References
Related
f5
f5
K22317030 : iControl REST vulnerability CVE-2017-6145
2017-07-13 00:00:00
nessus
nessus
F5 Networks BIG-IP : iControl REST vulnerability (K22317030)
2017-07-13 00:00:00
cve
cve
CVE-2017-6145
2017-10-20 15:29:00
prion
prion
Authorization
2017-10-20 15:29:00
nvd
nvd
CVE-2017-6145
2017-10-20 15:29:00