PT-2016-5658 · F5 · F5 BIG-IP APM, F5 BIG-IP Edge Gateway
Published: 2016-04-13 · Updated: 2016-04-18 · CVE-2016-3686
CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
F5 BIG-IP APM versions 11.x before 11.6.0 HF6
F5 BIG-IP Edge Gateway versions 11.0.0 through 11.3.0
Description
The Single Sign-On (SSO) feature may expose the sensitive SessionId value to a remote attacker who can observe the Location HTTP header of a redirect response.
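The weakness described here is a session identifier carried in the Location header of a redirect, where it can be read by anyone able to see the response (proxies, browser history, referrer leakage). The check below is an added example, not F5's code and not taken from the advisory: it scans captured HTTP responses for redirects whose Location URL carries a session-like value in a query parameter or a ";name=value" path parameter. The parameter-name list, the token pattern and the sample responses are all constructed for this illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameter names commonly used for session identifiers (hypothetical list; extend for your applications).
SESSION_PARAM_NAMES = {"sessionid", "session_id", "sid", "jsessionid", "phpsessid", "token"}

# A bare value that looks like an opaque session token: 16+ URL-safe characters, no path separators.
TOKEN_RE = re.compile(r"^[A-Za-z0-9_\-]{16,}$")


def find_session_leaks(status: int, headers: dict) -> list:
    """Return (where, name, value) tuples for session-like data found in the
    Location header of a redirect response. Non-redirects yield an empty list."""
    if not 300 <= status < 400:
        return []
    # Header names are case-insensitive; find Location however it was captured.
    location = next((v for k, v in headers.items() if k.lower() == "location"), None)
    if not location:
        return []

    findings = []
    parts = urlsplit(location)  # urlsplit keeps ";param=value" inside .path

    # 1. Query parameters: flag a session-like name, or any value that looks like a token.
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        for value in values:
            if name.lower() in SESSION_PARAM_NAMES or TOKEN_RE.match(value):
                findings.append(("query", name, value))

    # 2. Path parameters in the servlet style, e.g. "/home;jsessionid=ABC...".
    for m in re.finditer(r";([A-Za-z_]+)=([^;/?#]+)", parts.path):
        if m.group(1).lower() in SESSION_PARAM_NAMES:
            findings.append(("path", m.group(1), m.group(2)))

    return findings


# Constructed sample responses (status, headers), as a proxy or test harness might record them.
SAMPLE_RESPONSES = [
    (302, {"Location": "https://app.example.com/portal?SessionId=3f2a9c1e8b7d4a6f"}),
    (302, {"Location": "https://app.example.com/portal?next=/dashboard"}),
    (200, {"Content-Type": "text/html"}),
    (303, {"location": "https://app.example.com/home;jsessionid=0123456789ABCDEF"}),
]


def audit(responses) -> list:
    """Run the check over a batch of responses; returns (index, finding) pairs."""
    return [(i, f) for i, (status, hdrs) in enumerate(responses)
            for f in find_session_leaks(status, hdrs)]


if __name__ == "__main__":
    for index, (where, name, value) in audit(SAMPLE_RESPONSES):
        print(f"response #{index}: session-like {where} parameter {name}={value} in Location header")
```

Run it against redirect responses captured from your own SSO or portal front end; any hit means the session identifier is travelling in a URL rather than a cookie and should be treated as exposed.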
Recommendations
For F5 BIG-IP APM versions 11.x before 11.6.0 HF6, update to version 11.6.0 HF6 or later to resolve the issue.
For F5 BIG-IP Edge Gateway versions 11.0.0 through 11.3.0, consider disabling the SSO feature until a patch is available.
As a temporary workaround, restrict access to the Location HTTP header in redirects to minimize the risk of exploitation.
Weakness Enumeration
Information Disclosure
Related Identifiers
CVE-2016-3686
Affected Products
F5 BIG-IP APM
F5 BIG-IP Edge Gateway