F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 are vulnerable to a Server-Side Request Forgery (SSRF) attack when deployed using the Dynamic Domain Bypass (DDB) feature plus the SNAT Auto Map option for egress traffic. (CVE-2017-6130)
Impact
A remote attacker may be able to perform Server-Side Request Forgery (SSRF) attacks against systems.
The CVSS 3.0 metrics for CVE-2017-6130
Following are the CVSS 3.0 metrics for this vulnerability:
Note: Due to details unique to CVE-2017-6130, we have included CVSS 3.0 metrics in this article. We have not included CVSS 3.0 metrics in Security Advisory articles published on AskF5 for other vulnerabilities.
CPE
Name | Operator | Version |
---|---|---|
big-ip afm | eq | 11.4.0 |
big-ip afm | eq | 11.4.1 |
big-ip afm | eq | 11.5.0 |
big-ip afm | eq | 11.5.1 |
big-ip afm | eq | 11.5.2 |
big-ip afm | eq | 11.5.3 |
big-ip afm | eq | 11.5.4 |
big-ip afm | eq | 11.6.0 |
big-ip afm | eq | 11.6.1 |
big-ip afm | eq | 12.0.0 |