F5 BIG-IP - BIG-IP APM access logs vulnerability CVE-2016-1497

Information

Severity: Medium
Family: F5 Local Security Checks
CVSSv2 Base: 4.0
CVSSv2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Solution Type: Vendor Patch
Created: 7 years ago
Modified: 2 years ago

Summary

A vulnerability in the BIG-IP Configuration utility can be used by an unauthorized BIG-IP administrative user to gain unauthorized access to the Access Policy Manager (APM) access logs. This vulnerability requires valid user account credentials and access to the Configuration utility. This flaw exists when APM is configured, and exposes session details within the access logs. If the BIG-IP APM system is not in use, the vulnerability still exists. However, there is no data stored in the log files in question when the BIG-IP APM system is not actively in use.

Detection Method

Checks if a vulnerable version is present on the target host.

Solution

See the referenced vendor advisory for a solution.

Common Vulnerabilities and Exposures (CVE)