Lucene search

[email protected]NVD:CVE-2016-9256

HistoryMay 09, 2017 - 3:29 p.m.

CVE-2016-9256

2017-05-0915:29:00

CWE-362

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

41.3%

JSON

In F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl can lag behind the actual permissions assigned to a user if the role_map is not reloaded between the time the permissions are changed and the time of the user’s next request. This is a race condition that occurs rarely in normal usage; the typical period in which this is possible is limited to at most a few seconds after the permission change.

Affected configurations

Nvd

Node

f5big-ip_local_traffic_managerMatch12.0.0

f5big-ip_local_traffic_managerMatch12.1.0

f5big-ip_local_traffic_managerMatch12.1.1

f5big-ip_local_traffic_managerMatch12.1.2

Node

f5big-ip_application_acceleration_managerMatch12.0.0

f5big-ip_application_acceleration_managerMatch12.1.0

f5big-ip_application_acceleration_managerMatch12.1.1

f5big-ip_application_acceleration_managerMatch12.1.2

Node

f5big-ip_advanced_firewall_managerMatch12.0.0

f5big-ip_advanced_firewall_managerMatch12.1.0

f5big-ip_advanced_firewall_managerMatch12.1.1

f5big-ip_advanced_firewall_managerMatch12.1.2

Node

f5big-ip_analyticsMatch12.0.0

f5big-ip_analyticsMatch12.1.0

f5big-ip_analyticsMatch12.1.1

f5big-ip_analyticsMatch12.1.2

Node

f5big-ip_access_policy_managerMatch12.0.0

f5big-ip_access_policy_managerMatch12.1.0

f5big-ip_access_policy_managerMatch12.1.1

f5big-ip_access_policy_managerMatch12.1.2

Node

f5big-ip_application_security_managerMatch12.0.0

f5big-ip_application_security_managerMatch12.1.0

f5big-ip_application_security_managerMatch12.1.1

f5big-ip_application_security_managerMatch12.1.2

Node

f5big-ip_domain_name_systemMatch12.0.0

f5big-ip_domain_name_systemMatch12.1.0

f5big-ip_domain_name_systemMatch12.1.1

f5big-ip_domain_name_systemMatch12.1.2

Node

f5big-ip_link_controllerMatch12.0.0

f5big-ip_link_controllerMatch12.1.0

f5big-ip_link_controllerMatch12.1.1

f5big-ip_link_controllerMatch12.1.2

Node

f5big-ip_policy_enforcement_managerMatch12.0.0

f5big-ip_policy_enforcement_managerMatch12.1.0

f5big-ip_policy_enforcement_managerMatch12.1.1

f5big-ip_policy_enforcement_managerMatch12.1.2

Node

f5big-ip_websafeMatch12.0.0

f5big-ip_websafeMatch12.1.0

f5big-ip_websafeMatch12.1.1

f5big-ip_websafeMatch12.1.2

VendorProductVersionCPE
f5big-ip_local_traffic_manager12.0.0cpe:2.3:a:f5:big-ip_local_traffic_manager:12.0.0:*:*:*:*:*:*:*
f5big-ip_local_traffic_manager12.1.0cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.0:*:*:*:*:*:*:*
f5big-ip_local_traffic_manager12.1.1cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.1:*:*:*:*:*:*:*
f5big-ip_local_traffic_manager12.1.2cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.2:*:*:*:*:*:*:*
f5big-ip_application_acceleration_manager12.0.0cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.0.0:*:*:*:*:*:*:*
f5big-ip_application_acceleration_manager12.1.0cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.0:*:*:*:*:*:*:*
f5big-ip_application_acceleration_manager12.1.1cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.1:*:*:*:*:*:*:*
f5big-ip_application_acceleration_manager12.1.2cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.2:*:*:*:*:*:*:*
f5big-ip_advanced_firewall_manager12.0.0cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.0.0:*:*:*:*:*:*:*
f5big-ip_advanced_firewall_manager12.1.0cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
f5	big-ip_local_traffic_manager	12.0.0	cpe:2.3:a:f5:big-ip_local_traffic_manager:12.0.0:::::::*
f5	big-ip_local_traffic_manager	12.1.0	cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.0:::::::*
f5	big-ip_local_traffic_manager	12.1.1	cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.1:::::::*
f5	big-ip_local_traffic_manager	12.1.2	cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.2:::::::*
f5	big-ip_application_acceleration_manager	12.0.0	cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.0.0:::::::*
f5	big-ip_application_acceleration_manager	12.1.0	cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.0:::::::*
f5	big-ip_application_acceleration_manager	12.1.1	cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.1:::::::*
f5	big-ip_application_acceleration_manager	12.1.2	cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.2:::::::*
f5	big-ip_advanced_firewall_manager	12.0.0	cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.0.0:::::::*
f5	big-ip_advanced_firewall_manager	12.1.0	cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.0:::::::*

Rows per page:

1-10 of 401

References

www.securityfocus.com/bid/96464

support.f5.com/csp/article/K47284724

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

41.3%

JSON

Related for NVD:CVE-2016-9256

openvas2 cvelist1 prion1 cve1 f51 nessus1