2 matches found
K23001529: SSL Intercept iApp and SSL Orchestrator Server-Side Request Forgery vulnerability CVE-2017-6130
Security Advisory Description F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side Request Forgery SSRF attack when deployed using the Dynamic Domain Bypass DDB feature feature plus SNAT Auto Map option for egress traffic. CVE-2017-6130 Impact A remote...
CVE-2017-6130
CVE-2017-6130 affects F5 SSL Intercept iApp 1.5.0–1.5.7 and SSL Orchestrator 2.0 when deployed with SNAT Automap and Dynamic Domain Bypass (DDB). The root cause is Server-Side Request Forgery (SSRF) allowing remote attacker to abuse egress routing, with CVSS v3.0 base score 7.3 (from F5 advisory)...