CVE-2018-5506

Published: Apr 13, 2018

Modified: Sep 16, 2024

PUBLISHED

Description

In F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.1, 11.5.1-11.5.5, or 11.2.1 the Apache modules apache_auth_token_mod and mod_auth_f5_auth_token.cpp allow possible unauthenticated bruteforce on the em_server_ip authorization parameter to obtain which SSL client certificates used for mutual authentication between BIG-IQ or Enterprise Manager (EM) and managed BIG-IP devices.

Vendor	Product	Versions
F5 Networks, Inc.	BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe)	affected `13.0.0` affected `12.1.0-12.1.2` affected `11.6.1` affected `11.5.1-11.5.5` affected `11.2.1`

References

https://support.f5.com/csp/article/K65355492

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-5506

Description

Affected Products

References