Vulnerability-Lookup

CVE-2016-3686 (GCVE-0-2016-3686)

Vulnerability from cvelistv5 – Published: 2016-04-13 16:00 – Updated: 2024-08-06 00:03

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

VAR-201604-0307

Vulnerability from variot - Updated: 2025-04-13 20:24

The Single Sign-On (SSO) feature in F5 BIG-IP APM 11.x before 11.6.0 HF6 and BIG-IP Edge Gateway 11.0.0 through 11.3.0 might allow remote attackers to obtain sensitive SessionId information by leveraging access to the Location HTTP header in a redirect. Multiple F5 BIG-IP products are prone to an authorization-bypass vulnerability. A remote attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. F5 BIG-IP APM (Access Policy Manager) and BIG-IP Edge Gateway are both products of the US company F5. BIG-IP APM is a solution that provides secure and unified access to business-critical applications and networks; BIG-IP Edge Gateway is a remote access solution

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201604-0307",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "f5",
        "version": "11.5.2"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "f5",
        "version": "11.0.0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "11.5.0"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "11.4.0"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "11.0.0"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "f5",
        "version": "11.0.0 to  11.6.0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "f5",
        "version": "11.0.0 to  11.3.0"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002108"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-148"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3686"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:f5:big-ip_access_policy_manager",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:f5:big-ip_edge_gateway",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002108"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "F5",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-148"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2016-3686",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2016-3686",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-92505",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "id": "CVE-2016-3686",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-3686",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-3686",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201604-148",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-92505",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92505"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002108"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-148"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3686"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Single Sign-On (SSO) feature in F5 BIG-IP APM 11.x before 11.6.0 HF6 and BIG-IP Edge Gateway 11.0.0 through 11.3.0 might allow remote attackers to obtain sensitive SessionId information by leveraging access to the Location HTTP header in a redirect. Multiple F5 BIG-IP products are prone to an authorization-bypass  vulnerability. \nA remote attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. F5 BIG-IP APM (Access Policy Manager) and BIG-IP Edge Gateway are both products of the US company F5. BIG-IP APM is a solution that provides secure and unified access to business-critical applications and networks; BIG-IP Edge Gateway is a remote access solution",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-3686"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002108"
      },
      {
        "db": "BID",
        "id": "86279"
      },
      {
        "db": "VULHUB",
        "id": "VHN-92505"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-3686",
        "trust": 2.9
      },
      {
        "db": "SECTRACK",
        "id": "1035519",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002108",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-148",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2016.0902",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "86279",
        "trust": 0.4
      },
      {
        "db": "OTHER",
        "id": "NONE",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-92505",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "OTHER",
        "id": null
      },
      {
        "db": "VULHUB",
        "id": "VHN-92505"
      },
      {
        "db": "BID",
        "id": "86279"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002108"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-148"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3686"
      }
    ]
  },
  "id": "VAR-201604-0307",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "OTHER",
        "id": null
      },
      {
        "db": "VULHUB",
        "id": "VHN-92505"
      }
    ],
    "trust": 0.02
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "network device"
        ],
        "sub_category": "gateway",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "OTHER",
        "id": null
      }
    ]
  },
  "last_update_date": "2025-04-13T20:24:12.198000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SOL82679059: BIG-IP APM SSO vulnerability CVE-2016-3686",
        "trust": 0.8,
        "url": "https://support.f5.com/kb/en-us/solutions/public/k/82/sol82679059.html"
      },
      {
        "title": "F5 BIG-IP APM  and BIG-IP Edge Gateway Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60868"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002108"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-148"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92505"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002108"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3686"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://support.f5.com/kb/en-us/solutions/public/k/82/sol82679059.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1035519"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3686"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3686"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/render.html?it=33286"
      },
      {
        "trust": 0.3,
        "url": "http://www.f5.com/products/big-ip/"
      },
      {
        "trust": 0.1,
        "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
      }
    ],
    "sources": [
      {
        "db": "OTHER",
        "id": null
      },
      {
        "db": "VULHUB",
        "id": "VHN-92505"
      },
      {
        "db": "BID",
        "id": "86279"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002108"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-148"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3686"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "OTHER",
        "id": null
      },
      {
        "db": "VULHUB",
        "id": "VHN-92505"
      },
      {
        "db": "BID",
        "id": "86279"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002108"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-148"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3686"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-04-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-92505"
      },
      {
        "date": "2016-04-09T00:00:00",
        "db": "BID",
        "id": "86279"
      },
      {
        "date": "2016-04-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002108"
      },
      {
        "date": "2016-04-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201604-148"
      },
      {
        "date": "2016-04-13T16:59:21.947000",
        "db": "NVD",
        "id": "CVE-2016-3686"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-04-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-92505"
      },
      {
        "date": "2016-04-09T00:00:00",
        "db": "BID",
        "id": "86279"
      },
      {
        "date": "2016-04-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002108"
      },
      {
        "date": "2016-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201604-148"
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2016-3686"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-148"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "F5 BIG-IP APM and  BIG-IP Edge Gateway of  Single Sign-On Important in function  SessionId Information vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002108"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-148"
      }
    ],
    "trust": 0.6
  }
}

GSD-2016-3686

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-3686

Aliases

CVE-2016-3686

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-3686",
    "description": "The Single Sign-On (SSO) feature in F5 BIG-IP APM 11.x before 11.6.0 HF6 and BIG-IP Edge Gateway 11.0.0 through 11.3.0 might allow remote attackers to obtain sensitive SessionId information by leveraging access to the Location HTTP header in a redirect.",
    "id": "GSD-2016-3686"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-3686"
      ],
      "details": "The Single Sign-On (SSO) feature in F5 BIG-IP APM 11.x before 11.6.0 HF6 and BIG-IP Edge Gateway 11.0.0 through 11.3.0 might allow remote attackers to obtain sensitive SessionId information by leveraging access to the Location HTTP header in a redirect.",
      "id": "GSD-2016-3686",
      "modified": "2023-12-13T01:21:27.921769Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2016-3686",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Single Sign-On (SSO) feature in F5 BIG-IP APM 11.x before 11.6.0 HF6 and BIG-IP Edge Gateway 11.0.0 through 11.3.0 might allow remote attackers to obtain sensitive SessionId information by leveraging access to the Location HTTP header in a redirect."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1035519",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1035519"
          },
          {
            "name": "https://support.f5.com/kb/en-us/solutions/public/k/82/sol82679059.html",
            "refsource": "CONFIRM",
            "url": "https://support.f5.com/kb/en-us/solutions/public/k/82/sol82679059.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_edge_gateway:11.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_edge_gateway:11.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_edge_gateway:11.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_edge_gateway:11.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_edge_gateway:11.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-3686"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Single Sign-On (SSO) feature in F5 BIG-IP APM 11.x before 11.6.0 HF6 and BIG-IP Edge Gateway 11.0.0 through 11.3.0 might allow remote attackers to obtain sensitive SessionId information by leveraging access to the Location HTTP header in a redirect."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1035519",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1035519"
            },
            {
              "name": "https://support.f5.com/kb/en-us/solutions/public/k/82/sol82679059.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.f5.com/kb/en-us/solutions/public/k/82/sol82679059.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM"
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2016-04-18T14:26Z",
      "publishedDate": "2016-04-13T16:59Z"
    }
  }
}

FKIE_CVE-2016-3686

Vulnerability from fkie_nvd - Published: 2016-04-13 16:59 - Updated: 2025-04-12 10:46

Severity ?

5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
cve@mitre.org	http://www.securitytracker.com/id/1035519
cve@mitre.org	https://support.f5.com/kb/en-us/solutions/public/k/82/sol82679059.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1035519
af854a3a-2127-422b-91ae-364da2661108	https://support.f5.com/kb/en-us/solutions/public/k/82/sol82679059.html	Vendor Advisory

Impacted products

Vendor	Product	Version
f5	big-ip_edge_gateway	11.0.0
f5	big-ip_edge_gateway	11.1.0
f5	big-ip_edge_gateway	11.2.0
f5	big-ip_edge_gateway	11.2.1
f5	big-ip_edge_gateway	11.3.0
f5	big-ip_access_policy_manager	11.0.0
f5	big-ip_access_policy_manager	11.1.0
f5	big-ip_access_policy_manager	11.2.0
f5	big-ip_access_policy_manager	11.2.1
f5	big-ip_access_policy_manager	11.3.0
f5	big-ip_access_policy_manager	11.4.0
f5	big-ip_access_policy_manager	11.4.1
f5	big-ip_access_policy_manager	11.5.0
f5	big-ip_access_policy_manager	11.5.1
f5	big-ip_access_policy_manager	11.5.2
f5	big-ip_access_policy_manager	11.5.3
f5	big-ip_access_policy_manager	11.5.4
f5	big-ip_access_policy_manager	11.6.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:11.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "53531CA7-5E47-4C46-BDA5-3B4710085078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:11.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A085285-329B-4EF0-ABFB-238655E9E82D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:11.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1591F627-3C86-4904-9236-6936D533ED75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:11.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3136A8D1-3D0D-46B3-9A3A-737074864F1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:11.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "96673865-3D37-4562-831E-3ACE9DFB471E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD575B3E-FBA9-443A-9B52-49766DBE40C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8F3BF3A-DC42-45F4-99C0-DF71DB1A9E44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "002333F5-2864-434F-AC94-9C644098F95C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB630A86-FB84-4199-9E4D-38EB620806CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABF47456-CCA0-4817-9AEF-631DC152174E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB5F9107-549C-40EF-B355-C7E93A979CDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1A1C200-30B2-4B38-BC74-D11E54530A96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C0312FC-8178-46DE-B4EE-00F2895073BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC6C5628-14FF-4D75-B62E-D4B2707C1E3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9E574F6-34B6-45A6-911D-E5347DA22F69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCF94129-8779-4D68-8DD4-B828CA633746",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA2E88AA-0523-48D0-8664-6AFDBCB6C940",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFA77C6B-72DB-4D57-87CF-11F2C7EDB828",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Single Sign-On (SSO) feature in F5 BIG-IP APM 11.x before 11.6.0 HF6 and BIG-IP Edge Gateway 11.0.0 through 11.3.0 might allow remote attackers to obtain sensitive SessionId information by leveraging access to the Location HTTP header in a redirect."
    },
    {
      "lang": "es",
      "value": "La caracter\u00edstica Single Sign-On (SSO) en F5 BIG-IP APM 11.x en versiones anteriores a 11.6.0 HF6 y BIG-IP Edge Gateway 11.0.0 hasta la versi\u00f3n 11.3.0 podr\u00eda permitir a atacantes remotos obtener informaci\u00f3n SessionId sensible aprovechando el acceso a la cabecera Location HTTP en una redirecci\u00f3n."
    }
  ],
  "id": "CVE-2016-3686",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-04-13T16:59:21.947",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1035519"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.f5.com/kb/en-us/solutions/public/k/82/sol82679059.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1035519"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.f5.com/kb/en-us/solutions/public/k/82/sol82679059.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2016-AVI-118

Vulnerability from certfr_avis - Published: 2016-04-11 - Updated: 2016-04-11

Une vulnérabilité a été corrigée dans F5 BIG-IP. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	F5	BIG-IP	F5 BIG-IP APM versions 11.0.0 à 11.6.0
	F5	BIG-IP	F5 BIG-IP Edge Gateway versions 11.0.0 à 11.3.0

References

Title

Publication Time

GHSA-JW67-Q432-R4C9

Vulnerability from github – Published: 2022-05-17 03:56 – Updated: 2022-05-17 03:56

Details

Severity ?

5.9 (Medium)


                  
                    CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-3686"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-04-13T16:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The Single Sign-On (SSO) feature in F5 BIG-IP APM 11.x before 11.6.0 HF6 and BIG-IP Edge Gateway 11.0.0 through 11.3.0 might allow remote attackers to obtain sensitive SessionId information by leveraging access to the Location HTTP header in a redirect.",
  "id": "GHSA-jw67-q432-r4c9",
  "modified": "2022-05-17T03:56:55Z",
  "published": "2022-05-17T03:56:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3686"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/kb/en-us/solutions/public/k/82/sol82679059.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1035519"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2016-02176

Vulnerability from cnvd - Published: 2016-04-13

Title

F5 BIG-IP APM和BIG-IP Edge Gateway未授权访问漏洞

Description

F5 BIG-IP APM（Access Policy Manager）和BIG-IP Edge Gateway都是美国F5公司的产品。 BIG-IP APM是一套提供安全统一访问关键业务应用和网络的解决方案；BIG-IP Edge Gateway是一套远程接入解决方案。 F5 BIG-IP APM 11.0.0版本至11.6.0版本和BIG-IP Edge Gateway 11.0.0版本至11.3.0版本中存在安全漏洞，攻击者可利用该漏洞获取未授权的访问权限。

Severity

高

Patch Name

F5 BIG-IP APM和BIG-IP Edge Gateway未授权访问漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://support.f5.com/kb/en-us/solutions/public/k/82/sol82679059.html

Reference

https://support.f5.com/kb/en-us/solutions/public/k/82/sol82679059.html

Impacted products

Name
F5 BIG-IP APM >=1.0.0，<=11.6.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-3686"
    }
  },
  "description": "F5 BIG-IP APM\uff08Access Policy Manager\uff09\u548cBIG-IP Edge Gateway\u90fd\u662f\u7f8e\u56fdF5\u516c\u53f8\u7684\u4ea7\u54c1\u3002\r\nBIG-IP APM\u662f\u4e00\u5957\u63d0\u4f9b\u5b89\u5168\u7edf\u4e00\u8bbf\u95ee\u5173\u952e\u4e1a\u52a1\u5e94\u7528\u548c\u7f51\u7edc\u7684\u89e3\u51b3\u65b9\u6848\uff1bBIG-IP Edge Gateway\u662f\u4e00\u5957\u8fdc\u7a0b\u63a5\u5165\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nF5 BIG-IP APM 11.0.0\u7248\u672c\u81f311.6.0\u7248\u672c\u548cBIG-IP Edge Gateway 11.0.0\u7248\u672c\u81f311.3.0\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u672a\u6388\u6743\u7684\u8bbf\u95ee\u6743\u9650\u3002",
  "discovererName": "F5",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.f5.com/kb/en-us/solutions/public/k/82/sol82679059.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-02176",
  "openTime": "2016-04-13",
  "patchDescription": "F5 BIG-IP APM\uff08Access Policy Manager\uff09\u548cBIG-IP Edge Gateway\u90fd\u662f\u7f8e\u56fdF5\u516c\u53f8\u7684\u4ea7\u54c1\u3002\r\nBIG-IP APM\u662f\u4e00\u5957\u63d0\u4f9b\u5b89\u5168\u7edf\u4e00\u8bbf\u95ee\u5173\u952e\u4e1a\u52a1\u5e94\u7528\u548c\u7f51\u7edc\u7684\u89e3\u51b3\u65b9\u6848\uff1bBIG-IP Edge Gateway\u662f\u4e00\u5957\u8fdc\u7a0b\u63a5\u5165\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nF5 BIG-IP APM 11.0.0\u7248\u672c\u81f311.6.0\u7248\u672c\u548cBIG-IP Edge Gateway 11.0.0\u7248\u672c\u81f311.3.0\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u672a\u6388\u6743\u7684\u8bbf\u95ee\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "F5 BIG-IP APM\u548cBIG-IP Edge Gateway\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "F5 BIG-IP APM \u003e=1.0.0\uff0c\u003c=11.6.0"
  },
  "referenceLink": "https://support.f5.com/kb/en-us/solutions/public/k/82/sol82679059.html",
  "serverity": "\u9ad8",
  "submitTime": "2016-04-12",
  "title": "F5 BIG-IP APM\u548cBIG-IP Edge Gateway\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-3686 (GCVE-0-2016-3686)

VAR-201604-0307

GSD-2016-3686

FKIE_CVE-2016-3686

CERTFR-2016-AVI-118

Solution

GHSA-JW67-Q432-R4C9

CNVD-2016-02176

Tags

Sightings

Nomenclature