5 matches found
K82679059: BIG-IP APM SSO vulnerability CVE-2016-3686
Security Advisory Description: Cleartext SessionID is visible in URL query parameters under some conditions. (CVE-2016-3686) Impact: There is a theoretical risk that a user could obtain unauthorized access to the system, causing a security breach. Security Advisory Status: F5 Product Development has...
F5 BIG-IP - BIG-IP APM SSO vulnerability CVE-2016-3686
The remote host is missing a security patch. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/h:f5:big-ip"; if description...
CVE-2016-3686
The CVE-2016-3686 issue affects F5 BIG-IP APM SSO (and BIG-IP Edge Gateway) where Cleartext SessionID can appear in the Location header during redirects. Affected are BIG-IP APM 11.0.0–11.6.0 (HF6 in 11.6.0) and BIG-IP Edge Gateway 11.0.0–11.3.0; other components are listed as affected/not vulner...
CVE-2016-3686
The Single Sign-On (SSO) feature in F5 BIG-IP APM 11.x before 11.6.0 HF6 and BIG-IP Edge Gateway 11.0.0 through 11.3.0 might allow remote attackers to obtain sensitive SessionId information by leveraging access to the Location HTTP header in a redirect...
SOL82679059 - BIG-IP APM SSO vulnerability CVE-2016-3686
Vulnerability Recommended Actions: If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...