5 matches found
K26738102: BIG-IP APM SSO vulnerability CVE-2016-3687
Security Advisory Description: Insufficient validation of the SSO_ORIG_URI parameter occurs when using multi-domain single sign-on (SSO). (CVE-2016-3687) Impact: An attacker may be able to tamper with the URL used to redirect the user in a multi-domain SSO environment by using BIG-IP APM. Systems that do...
S2-057 vulnerability in the original author's README: how to use automated tools to find 5 RCE - vulnerability warning - the black bar safety net
In April 2018, I reported a new remote code execution vulnerability, CVE-2018-11776 (S2-057), to Apache Struts and the Struts security team. On a server running Struts with some configuration, the vulnerability can be triggered by accessing a carefully constructed URL. This discovery is ...
CVE-2016-3687
Open redirect vulnerability in F5 BIG-IP APM 11.2.1, 11.4.x, 11.5.x, and 11.6.x before 11.6.0 HF6 and Edge Gateway 11.2.1, when using multi-domain single sign-on (SSO), allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in the...
CVE-2016-3687
Summary (CVE-2016-3687) Open redirect vulnerability in F5 BIG-IP APM (multi‑domain SSO) and BIG-IP Edge Gateway, caused by insufficient validation of the SSO_ORIG_URI parameter. Affected: BIG-IP APM 11.4.0–11.6.0 (and 11.2.1); Edge Gateway 11.2.1. Attacker can craft base64‑encoded SSO_ORIG_URI to...
F5 Networks BIG-IP : BIG-IP APM SSO vulnerability (K26738102)
Insufficient validation of the SSO_ORIG_URI parameter occurs when using multi-domain single sign-on (SSO). (CVE-2016-3687) (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from F5 Networks BIG-IP Solution K26738102. The text description of this plug...