Apache modules apache_auth_token_mod and mod_auth_f5_auth_token.cpp allow possible unauthenticated bruteforce on the em_server_ip authorization parameter to obtain which SSL client certificates used for mutual authentication between BIG-IQ or Enterprise Manager (EM) and managed BIG-IP devices. (CVE-2018-5506)
Impact
This vulnerability can disclose the em_server_ipfield of valid client certificates. This does not reveal the certificate needed for authentication.