Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for ssl_intercept_iapp by f5

    CVE-2017-6130 (GCVE-0-2017-6130)

    Vulnerability from nvd – Published: 2017-04-06 14:00 – Updated: 2024-08-05 15:18
    VLAI
    Summary
    F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side Request Forgery (SSRF) attack when deployed using the Dynamic Domain Bypass (DDB) feature feature plus SNAT Auto Map option for egress traffic.
    Severity
    No CVSS data available.
    CWE
    • Server-Side Request Forgery
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K23001529 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    F5 Networks SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 Affected: SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0
    Create a notification for this product.
    Date Public
    2017-04-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:18:49.806Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K23001529"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0",
              "vendor": "F5 Networks",
              "versions": [
                {
                  "status": "affected",
                  "version": "SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0"
                }
              ]
            }
          ],
          "datePublic": "2017-04-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side Request Forgery (SSRF) attack when deployed using the Dynamic Domain Bypass (DDB) feature feature plus SNAT Auto Map option for egress traffic."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Server-Side Request Forgery",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-04-06T13:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K23001529"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "ID": "CVE-2017-6130",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side Request Forgery (SSRF) attack when deployed using the Dynamic Domain Bypass (DDB) feature feature plus SNAT Auto Map option for egress traffic."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Server-Side Request Forgery"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K23001529",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K23001529"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2017-6130",
        "datePublished": "2017-04-06T14:00:00.000Z",
        "dateReserved": "2017-02-21T00:00:00.000Z",
        "dateUpdated": "2024-08-05T15:18:49.806Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-0305 (GCVE-0-2017-0305)

    Vulnerability from nvd – Published: 2017-04-06 14:00 – Updated: 2024-08-05 13:03
    VLAI
    Summary
    F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an unauthenticated, remote attack that may allow modification of the BIG-IP system configuration, extraction of sensitive system files, and possible remote command execution on the system when deployed using the Explicit Proxy feature plus SNAT Auto Map option for egress traffic.
    Severity
    No CVSS data available.
    CWE
    • remote command execution
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K53244431 x_refsource_CONFIRM
    Impacted products
    Date Public
    2017-04-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:03:56.813Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K53244431"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SSL Intercept iApp version",
              "vendor": "F5 Networks",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.5.0 - 1.5.7"
                }
              ]
            }
          ],
          "datePublic": "2017-04-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an unauthenticated, remote attack that may allow modification of the BIG-IP system configuration, extraction of sensitive system files, and possible remote command execution on the system when deployed using the Explicit Proxy feature plus SNAT Auto Map option for egress traffic."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "remote command execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-04-06T13:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K53244431"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "ID": "CVE-2017-0305",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SSL Intercept iApp version",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.5.0 - 1.5.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an unauthenticated, remote attack that may allow modification of the BIG-IP system configuration, extraction of sensitive system files, and possible remote command execution on the system when deployed using the Explicit Proxy feature plus SNAT Auto Map option for egress traffic."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "remote command execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K53244431",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K53244431"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2017-0305",
        "datePublished": "2017-04-06T14:00:00.000Z",
        "dateReserved": "2016-11-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:03:56.813Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6130 (GCVE-0-2017-6130)

    Vulnerability from cvelistv5 – Published: 2017-04-06 14:00 – Updated: 2024-08-05 15:18
    VLAI
    Summary
    F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side Request Forgery (SSRF) attack when deployed using the Dynamic Domain Bypass (DDB) feature feature plus SNAT Auto Map option for egress traffic.
    Severity
    No CVSS data available.
    CWE
    • Server-Side Request Forgery
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K23001529 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    F5 Networks SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 Affected: SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0
    Create a notification for this product.
    Date Public
    2017-04-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:18:49.806Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K23001529"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0",
              "vendor": "F5 Networks",
              "versions": [
                {
                  "status": "affected",
                  "version": "SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0"
                }
              ]
            }
          ],
          "datePublic": "2017-04-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side Request Forgery (SSRF) attack when deployed using the Dynamic Domain Bypass (DDB) feature feature plus SNAT Auto Map option for egress traffic."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Server-Side Request Forgery",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-04-06T13:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K23001529"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "ID": "CVE-2017-6130",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side Request Forgery (SSRF) attack when deployed using the Dynamic Domain Bypass (DDB) feature feature plus SNAT Auto Map option for egress traffic."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Server-Side Request Forgery"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K23001529",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K23001529"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2017-6130",
        "datePublished": "2017-04-06T14:00:00.000Z",
        "dateReserved": "2017-02-21T00:00:00.000Z",
        "dateUpdated": "2024-08-05T15:18:49.806Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-0305 (GCVE-0-2017-0305)

    Vulnerability from cvelistv5 – Published: 2017-04-06 14:00 – Updated: 2024-08-05 13:03
    VLAI
    Summary
    F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an unauthenticated, remote attack that may allow modification of the BIG-IP system configuration, extraction of sensitive system files, and possible remote command execution on the system when deployed using the Explicit Proxy feature plus SNAT Auto Map option for egress traffic.
    Severity
    No CVSS data available.
    CWE
    • remote command execution
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K53244431 x_refsource_CONFIRM
    Impacted products
    Date Public
    2017-04-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:03:56.813Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K53244431"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SSL Intercept iApp version",
              "vendor": "F5 Networks",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.5.0 - 1.5.7"
                }
              ]
            }
          ],
          "datePublic": "2017-04-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an unauthenticated, remote attack that may allow modification of the BIG-IP system configuration, extraction of sensitive system files, and possible remote command execution on the system when deployed using the Explicit Proxy feature plus SNAT Auto Map option for egress traffic."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "remote command execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-04-06T13:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K53244431"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "ID": "CVE-2017-0305",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SSL Intercept iApp version",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.5.0 - 1.5.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an unauthenticated, remote attack that may allow modification of the BIG-IP system configuration, extraction of sensitive system files, and possible remote command execution on the system when deployed using the Explicit Proxy feature plus SNAT Auto Map option for egress traffic."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "remote command execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K53244431",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K53244431"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2017-0305",
        "datePublished": "2017-04-06T14:00:00.000Z",
        "dateReserved": "2016-11-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:03:56.813Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }