CVE-2016-6249

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions 11.5.0 through 11.6.1 F5 BIG-IP version 12.0.0

Description The issue allows local users to obtain sensitive information by reading log files. Specifically, REST requests that timeout during user account authentication may log sensitive attributes, such as passwords, in plaintext to /var/log/restjavad.0.log.

Recommendations For F5 BIG-IP versions 11.5.0 through 11.6.1, consider restricting access to the /var/log/restjavad.0.log file to minimize the risk of exploitation. For F5 BIG-IP version 12.0.0, consider restricting access to the /var/log/restjavad.0.log file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.