PT-2017-16903 · F5 · F5 SSL Intercept iApp +1
Published: 2017-04-06 · Updated: 2017-04-12 · CVE-2017-6130
CVSS v3.1: 7.4 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
F5 SSL Intercept iApp versions 1.5.0 through 1.5.7
F5 SSL Orchestrator version 2.0
Description
The issue allows a Server-Side Request Forgery (SSRF) attack. It occurs when the Dynamic Domain Bypass (DDB) feature is used together with the SNAT Auto Map option for egress traffic.
Recommendations
For F5 SSL Intercept iApp versions 1.5.0 through 1.5.7, consider disabling the Dynamic Domain Bypass (DDB) feature or the SNAT Auto Map option as a temporary workaround until a patch is available.
For F5 SSL Orchestrator version 2.0, restrict the use of the DDB feature with SNAT Auto Map to minimize the risk of exploitation.
Fix
SSRF
Weakness Enumeration
Related Identifiers
Affected Products
F5 SSL Intercept iApp
F5 SSL Orchestrator