2 matches found
F5 Networks BIG-IP : BIG-IP APM redirect vulnerability (K66171422)
Aninsecure AES ECB mode is usedfor origuri parameter in an undisclosed /vdesk link of APM virtual server configured with an access profile, allowing a malicious user to build a redirect URI value using different blocks of cipher texts. CVE-2018-5548 Impact An attacker can forge a URL with an...
CVE-2018-5548
CVE-2018-5548 affects BIG-IP APM. The connected F5 advisory confirms an insecure AES ECB mode is used for the orig_uri parameter in an undisclosed /vdesk link of an APM virtual server with an access profile. This enables an attacker with a valid APM session to forge a redirect URL by manipulating...