Back to search
CVE-2018-5548
Published: Sep 13, 2018
Modified: Sep 16, 2024
PUBLISHED
Description
On BIG-IP APM 11.6.0-11.6.3, an insecure AES ECB mode is used for orig_uri parameter in an undisclosed /vdesk link of APM virtual server configured with an access profile, allowing a malicious user to build a redirect URI value using different blocks of cipher texts.
| Vendor | Product | Versions |
|---|---|---|
F5 Networks, Inc. | BIG-IP APM | affected 11.6.0-11.6.3 |
References
https://support.f5.com/csp/article/K66171422
x_refsource_CONFIRM
http://sbudella.altervista.org/blog/20180911-cve-2018-5548.html
x_refsource_MISC
105353
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now