[Forgot Password]
Login  Register Subscribe

23631

 
 

126951

 
 

99602

 
 

909

 
 

80167

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2016-6249

Date: (C)2017-02-21   (M)2017-12-07 


F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log. It may allow local users to obtain sensitive information by reading these files.

CVSS Score: 2.1Access Vector: LOCAL
Exploit Score: 3.9Access Complexity: LOW
Impact Score: 2.9Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: NONE
 Availability: NONE





Reference:
SECTRACK-1037873
https://support.f5.com/csp/article/K12685114

CPE    68
cpe:/a:f5:big-ip_domain_name_system:12.0.0
cpe:/a:f5:big-ip_access_policy_manager:11.5.3
cpe:/a:f5:big-ip_access_policy_manager:11.5.2
cpe:/a:f5:big-ip_access_policy_manager:11.5.4
...
CWE    1
CWE-200

© 2013 SecPod Technologies