PT-2017-9192 · F5 · F5 Big-Ip Apm
Published
2017-04-11
·
Updated
2017-07-12
·
CVE-2016-7467
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
F5 BIG-IP APM versions 11.5.4 through 11.5.4 HF2
F5 BIG-IP APM versions 11.6.0 through 11.6.1 HF1
F5 BIG-IP APM versions 12.0.0 through 12.1.1
Description
The TMM SSO plugin in F5 BIG-IP APM, when configured as a SAML Identity Provider with a Service Provider (SP) connector, might allow traffic to be disrupted or failover initiated when a malformed, signed SAML authentication request from an authenticated user is sent via the SP connector.
Recommendations
For F5 BIG-IP APM versions 11.5.4 through 11.5.4 HF2, update to a version outside of this range to resolve the issue.
For F5 BIG-IP APM versions 11.6.0 through 11.6.1 HF1, update to a version outside of this range to resolve the issue.
For F5 BIG-IP APM versions 12.0.0 through 12.1.1, update to a version outside of this range to resolve the issue.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
F5 Big-Ip Apm