cvelistv5 - cve-2016-7467

CVE-2016-7467 (GCVE-0-2016-7467)

Vulnerability from cvelistv5

Published

2017-04-11 14:00

Modified

2024-08-06 01:57

Severity ?

CWE

TMM SSO plugin

Summary

References

URL

	Vendor	Product	Version
	F5 Networks	F5 BIG-IP APM	Version: 12.0.0 - 12.1.1, 11.6.0 - 11.6.1 HF1, 11.5.4 - 11.5.4 HF2

gsd-2016-7467

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2016-7467

Aliases

CVE-2016-7467

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-7467",
    "description": "The TMM SSO plugin in F5 BIG-IP APM 12.0.0 - 12.1.1, 11.6.0 - 11.6.1 HF1, 11.5.4 - 11.5.4 HF2, when configured as a SAML Identity Provider with a Service Provider (SP) connector, might allow traffic to be disrupted or failover initiated when a malformed, signed SAML authentication request from an authenticated user is sent via the SP connector.",
    "id": "GSD-2016-7467"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-7467"
      ],
      "details": "The TMM SSO plugin in F5 BIG-IP APM 12.0.0 - 12.1.1, 11.6.0 - 11.6.1 HF1, 11.5.4 - 11.5.4 HF2, when configured as a SAML Identity Provider with a Service Provider (SP) connector, might allow traffic to be disrupted or failover initiated when a malformed, signed SAML authentication request from an authenticated user is sent via the SP connector.",
      "id": "GSD-2016-7467",
      "modified": "2023-12-13T01:21:20.353538Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "f5sirt@f5.com",
        "ID": "CVE-2016-7467",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "F5 BIG-IP APM",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "12.0.0 - 12.1.1, 11.6.0 - 11.6.1 HF1, 11.5.4 - 11.5.4 HF2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "F5 Networks"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The TMM SSO plugin in F5 BIG-IP APM 12.0.0 - 12.1.1, 11.6.0 - 11.6.1 HF1, 11.5.4 - 11.5.4 HF2, when configured as a SAML Identity Provider with a Service Provider (SP) connector, might allow traffic to be disrupted or failover initiated when a malformed, signed SAML authentication request from an authenticated user is sent via the SP connector."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "TMM SSO plugin"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "97168",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/97168"
          },
          {
            "name": "https://support.f5.com/csp/article/K95444512",
            "refsource": "CONFIRM",
            "url": "https://support.f5.com/csp/article/K95444512"
          },
          {
            "name": "1038131",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1038131"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:12.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "f5sirt@f5.com",
          "ID": "CVE-2016-7467"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The TMM SSO plugin in F5 BIG-IP APM 12.0.0 - 12.1.1, 11.6.0 - 11.6.1 HF1, 11.5.4 - 11.5.4 HF2, when configured as a SAML Identity Provider with a Service Provider (SP) connector, might allow traffic to be disrupted or failover initiated when a malformed, signed SAML authentication request from an authenticated user is sent via the SP connector."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.f5.com/csp/article/K95444512",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.f5.com/csp/article/K95444512"
            },
            {
              "name": "97168",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/97168"
            },
            {
              "name": "1038131",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1038131"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.6,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2017-07-12T01:29Z",
      "publishedDate": "2017-04-11T14:59Z"
    }
  }
}

The TMM SSO plugin in F5 BIG-IP APM 12.0.0 - 12.1.1, 11.6.0 - 11.6.1 HF1, 11.5.4 - 11.5.4 HF2, when configured as a SAML Identity Provider with a Service Provider (SP) connector, might allow traffic to be disrupted or failover initiated when a malformed, signed SAML authentication request from an authenticated user is sent via the SP connector. F5 BIG-IP APM Contains an input validation vulnerability.Service operation interruption (DoS) An attack may be carried out. F5BIG-IP is a load balancer that uses a variety of allocation algorithms to distribute network requests to available servers in a server cluster. By managing incoming web data traffic and increasing effective network bandwidth, network visitors get as much as possible. The hardware device for the best networking experience. A denial of service vulnerability exists in F5BIG-IPAPM. A remote attacker could exploit this vulnerability to cause the service to restart, resulting in a denial of service condition. F5 BIG-IP APM is prone to a remote denial-of-service vulnerability. F5 BIG-IP APM is a set of access and security solutions from F5 Corporation of the United States. The solution provides unified access to business-critical applications and networks. TMM SSO is one of the single sign-on plug-ins used to execute the traffic management service process. An attacker could exploit this vulnerability to temporarily disrupt traffic with malformed and signed SAML authentication requests. The following products and versions are affected: F5 BIG-IP APM version 12.0.0 to version 12.1.1; version 11.6.0 to version 11.6.1 HF1; version 11.5.4 to version 11.5.4 HF2

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0345",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "f5",
        "version": "11.5.4 - 11.5.4 hf2"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "f5",
        "version": "11.6.0 - 11.6.1 hf1"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "f5",
        "version": "12.0.0 - 12.1.1"
      },
      {
        "model": "big-ip apm",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "f5",
        "version": "12.0.0,\u003c=12.1.1"
      },
      {
        "model": "big-ip apm \u003c=11.6.1hf1",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip apm \u003e=11.5.4,\u003c=11.5.4hf2",
        "scope": null,
        "trust": 0.6,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "model": "big-ip apm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1"
      },
      {
        "model": "big-ip apm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1"
      },
      {
        "model": "big-ip apm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip apm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip apm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip apm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.01.14.628"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip apm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "model": "big-ip apm hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "big-ip apm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "big-ip apm hf6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "big-ip apm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "big-ip apm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "big-ip apm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "big-ip apm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.66.204.442"
      },
      {
        "model": "big-ip apm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "big-ip apm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "big-ip apm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.40.1.256"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "big-ip apm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "big-ip apm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.2"
      },
      {
        "model": "big-ip apm hf2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "model": "big-ip apm hf3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05634"
      },
      {
        "db": "BID",
        "id": "97168"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008349"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1254"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7467"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:f5:big-ip_access_policy_manager",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008349"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported the issue.",
    "sources": [
      {
        "db": "BID",
        "id": "97168"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-7467",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "CVE-2016-7467",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "CNVD-2017-05634",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "VHN-96287",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:S/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 1.6,
            "id": "CVE-2016-7467",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-7467",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-7467",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-05634",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201703-1254",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-96287",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05634"
      },
      {
        "db": "VULHUB",
        "id": "VHN-96287"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008349"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1254"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7467"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The TMM SSO plugin in F5 BIG-IP APM 12.0.0 - 12.1.1, 11.6.0 - 11.6.1 HF1, 11.5.4 - 11.5.4 HF2, when configured as a SAML Identity Provider with a Service Provider (SP) connector, might allow traffic to be disrupted or failover initiated when a malformed, signed SAML authentication request from an authenticated user is sent via the SP connector. F5 BIG-IP APM Contains an input validation vulnerability.Service operation interruption (DoS) An attack may be carried out. F5BIG-IP is a load balancer that uses a variety of allocation algorithms to distribute network requests to available servers in a server cluster. By managing incoming web data traffic and increasing effective network bandwidth, network visitors get as much as possible. The hardware device for the best networking experience. A denial of service vulnerability exists in F5BIG-IPAPM. A remote attacker could exploit this vulnerability to cause the service to restart, resulting in a denial of service condition. F5 BIG-IP APM is prone to a remote denial-of-service vulnerability. F5 BIG-IP APM is a set of access and security solutions from F5 Corporation of the United States. The solution provides unified access to business-critical applications and networks. TMM SSO is one of the single sign-on plug-ins used to execute the traffic management service process. An attacker could exploit this vulnerability to temporarily disrupt traffic with malformed and signed SAML authentication requests. The following products and versions are affected: F5 BIG-IP APM version 12.0.0 to version 12.1.1; version 11.6.0 to version 11.6.1 HF1; version 11.5.4 to version 11.5.4 HF2",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-7467"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008349"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05634"
      },
      {
        "db": "BID",
        "id": "97168"
      },
      {
        "db": "VULHUB",
        "id": "VHN-96287"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-7467",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "97168",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1038131",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008349",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1254",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05634",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-96287",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05634"
      },
      {
        "db": "VULHUB",
        "id": "VHN-96287"
      },
      {
        "db": "BID",
        "id": "97168"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008349"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1254"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7467"
      }
    ]
  },
  "id": "VAR-201704-0345",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05634"
      },
      {
        "db": "VULHUB",
        "id": "VHN-96287"
      }
    ],
    "trust": 1.14448256
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05634"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:45:24.285000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "K95444512: TMM SSO plugin vulnerability CVE-2016-7467",
        "trust": 0.8,
        "url": "https://support.f5.com/csp/article/K95444512"
      },
      {
        "title": "Patch for F5BIG-IPAPM Denial of Service Vulnerability (CNVD-2017-05634)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/92246"
      },
      {
        "title": "F5 BIG-IP APM TMM SSO Plugin input verification vulnerability fixes",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74775"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05634"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008349"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1254"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-96287"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008349"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7467"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/97168"
      },
      {
        "trust": 2.0,
        "url": "https://support.f5.com/csp/article/k95444512"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7467"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1038131"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7467"
      },
      {
        "trust": 0.3,
        "url": "http://www.f5.com/products/big-ip/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05634"
      },
      {
        "db": "VULHUB",
        "id": "VHN-96287"
      },
      {
        "db": "BID",
        "id": "97168"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008349"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1254"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7467"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05634"
      },
      {
        "db": "VULHUB",
        "id": "VHN-96287"
      },
      {
        "db": "BID",
        "id": "97168"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008349"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1254"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7467"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-04-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-05634"
      },
      {
        "date": "2017-04-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-96287"
      },
      {
        "date": "2017-03-23T00:00:00",
        "db": "BID",
        "id": "97168"
      },
      {
        "date": "2017-05-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-008349"
      },
      {
        "date": "2017-03-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201703-1254"
      },
      {
        "date": "2017-04-11T14:59:00.223000",
        "db": "NVD",
        "id": "CVE-2016-7467"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-04-29T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-05634"
      },
      {
        "date": "2017-07-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-96287"
      },
      {
        "date": "2017-03-29T00:03:00",
        "db": "BID",
        "id": "97168"
      },
      {
        "date": "2017-05-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-008349"
      },
      {
        "date": "2017-09-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201703-1254"
      },
      {
        "date": "2024-11-21T02:58:03.833000",
        "db": "NVD",
        "id": "CVE-2016-7467"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1254"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "F5 BIG-IP APM Input validation vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008349"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1254"
      }
    ],
    "trust": 0.6
  }
}

fkie_cve-2016-7467

Vulnerability from fkie_nvd

Published

2017-04-11 14:59

Modified

2025-04-20 01:37

Severity ?

5.3 (Medium) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
f5sirt@f5.com	http://www.securityfocus.com/bid/97168	Third Party Advisory, VDB Entry
f5sirt@f5.com	http://www.securitytracker.com/id/1038131
f5sirt@f5.com	https://support.f5.com/csp/article/K95444512	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/97168	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1038131
af854a3a-2127-422b-91ae-364da2661108	https://support.f5.com/csp/article/K95444512	Vendor Advisory

Impacted products

Vendor	Product	Version
f5	big-ip_access_policy_manager	11.5.4
f5	big-ip_access_policy_manager	11.6.0
f5	big-ip_access_policy_manager	11.6.1
f5	big-ip_access_policy_manager	12.0.0
f5	big-ip_access_policy_manager	12.1.0
f5	big-ip_access_policy_manager	12.1.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA2E88AA-0523-48D0-8664-6AFDBCB6C940",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFA77C6B-72DB-4D57-87CF-11F2C7EDB828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E33BCA5B-CE91-451C-9821-2023A9E461C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B62FEC0-EE22-46E6-B811-8AB0EE4C3E2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCD2044C-AC6F-4145-B1A0-8EB26DCF1F8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FC866D4-CE8C-4408-AD1E-8643AC554CC9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The TMM SSO plugin in F5 BIG-IP APM 12.0.0 - 12.1.1, 11.6.0 - 11.6.1 HF1, 11.5.4 - 11.5.4 HF2, when configured as a SAML Identity Provider with a Service Provider (SP) connector, might allow traffic to be disrupted or failover initiated when a malformed, signed SAML authentication request from an authenticated user is sent via the SP connector."
    },
    {
      "lang": "es",
      "value": "El plugin TMM SSO en F5 BIG-IP APM 12.0.0 - 12.1.1, 11.6.0 - 11.6.1 HF1, 11.5.4 - 11.5.4 HF2, cuando est\u00e1 configurado como un SAML Identity Provider con un conector Service Provider (SP), podr\u00eda permitir que se interrumpiera el tr\u00e1fico o inicio de conmutaci\u00f3n por error cuando una solicitud de autenticaci\u00f3n SAML firmada malformada de un usuario autenticado es enviada a trav\u00e9s del conector SP."
    }
  ],
  "id": "CVE-2016-7467",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-04-11T14:59:00.223",
  "references": [
    {
      "source": "f5sirt@f5.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97168"
    },
    {
      "source": "f5sirt@f5.com",
      "url": "http://www.securitytracker.com/id/1038131"
    },
    {
      "source": "f5sirt@f5.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.f5.com/csp/article/K95444512"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97168"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1038131"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.f5.com/csp/article/K95444512"
    }
  ],
  "sourceIdentifier": "f5sirt@f5.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-gxpj-cpjp-q8f2

Vulnerability from github

Published

2022-05-17 02:31

Modified

2022-05-17 02:31

Severity ?

5.3 (Medium) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-7467"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-04-11T14:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The TMM SSO plugin in F5 BIG-IP APM 12.0.0 - 12.1.1, 11.6.0 - 11.6.1 HF1, 11.5.4 - 11.5.4 HF2, when configured as a SAML Identity Provider with a Service Provider (SP) connector, might allow traffic to be disrupted or failover initiated when a malformed, signed SAML authentication request from an authenticated user is sent via the SP connector.",
  "id": "GHSA-gxpj-cpjp-q8f2",
  "modified": "2022-05-17T02:31:10Z",
  "published": "2022-05-17T02:31:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7467"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/csp/article/K95444512"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/97168"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038131"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cnvd-2017-05634

Vulnerability from cnvd

Title

F5 BIG-IP APM拒绝服务漏洞（CNVD-2017-05634）

Description

F5 BIG-IP是一个负载均衡器，采用各种分配算法把网络请求分散到一个服务器集群中的可用服务器上去，通过管理进入的Web数据流量和增加有效的网络带宽，从而使网络访问者获得尽可能最佳的联网体验的硬件设备。 F5 BIG-IP APM存在拒绝服务漏洞。远程攻击者可以利用此漏洞导致服务重新启动，导致拒绝服务条件。

Severity

低

Patch Name

F5 BIG-IP APM拒绝服务漏洞（CNVD-2017-05634）的补丁

Patch Description

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： https://www.f5.com/

Reference

http://www.securityfocus.com/bid/97168 https://nvd.nist.gov/vuln/detail/CVE-2016-7467

Impacted products

Name
['F5 BIG-IP APM >=12.0.0，<=12.1.1', 'F5 BIG-IP APM >=11.6.0，<=11.6.1HF1', 'F5 BIG-IP APM >=11.5.4，<=11.5.4HF2']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "97168"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-7467"
    }
  },
  "description": "F5 BIG-IP\u662f\u4e00\u4e2a\u8d1f\u8f7d\u5747\u8861\u5668\uff0c\u91c7\u7528\u5404\u79cd\u5206\u914d\u7b97\u6cd5\u628a\u7f51\u7edc\u8bf7\u6c42\u5206\u6563\u5230\u4e00\u4e2a\u670d\u52a1\u5668\u96c6\u7fa4\u4e2d\u7684\u53ef\u7528\u670d\u52a1\u5668\u4e0a\u53bb\uff0c\u901a\u8fc7\u7ba1\u7406\u8fdb\u5165\u7684Web\u6570\u636e\u6d41\u91cf\u548c\u589e\u52a0\u6709\u6548\u7684\u7f51\u7edc\u5e26\u5bbd\uff0c\u4ece\u800c\u4f7f\u7f51\u7edc\u8bbf\u95ee\u8005\u83b7\u5f97\u5c3d\u53ef\u80fd\u6700\u4f73\u7684\u8054\u7f51\u4f53\u9a8c\u7684\u786c\u4ef6\u8bbe\u5907\u3002\r\n\r\nF5 BIG-IP APM\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002 \u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6b64\u6f0f\u6d1e\u5bfc\u81f4\u670d\u52a1\u91cd\u65b0\u542f\u52a8\uff0c\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6761\u4ef6\u3002",
  "discovererName": "F5",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://www.f5.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-05634",
  "openTime": "2017-04-21",
  "patchDescription": "F5 BIG-IP\u662f\u4e00\u4e2a\u8d1f\u8f7d\u5747\u8861\u5668\uff0c\u91c7\u7528\u5404\u79cd\u5206\u914d\u7b97\u6cd5\u628a\u7f51\u7edc\u8bf7\u6c42\u5206\u6563\u5230\u4e00\u4e2a\u670d\u52a1\u5668\u96c6\u7fa4\u4e2d\u7684\u53ef\u7528\u670d\u52a1\u5668\u4e0a\u53bb\uff0c\u901a\u8fc7\u7ba1\u7406\u8fdb\u5165\u7684Web\u6570\u636e\u6d41\u91cf\u548c\u589e\u52a0\u6709\u6548\u7684\u7f51\u7edc\u5e26\u5bbd\uff0c\u4ece\u800c\u4f7f\u7f51\u7edc\u8bbf\u95ee\u8005\u83b7\u5f97\u5c3d\u53ef\u80fd\u6700\u4f73\u7684\u8054\u7f51\u4f53\u9a8c\u7684\u786c\u4ef6\u8bbe\u5907\u3002\r\n\r\nF5 BIG-IP APM\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002 \u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6b64\u6f0f\u6d1e\u5bfc\u81f4\u670d\u52a1\u91cd\u65b0\u542f\u52a8\uff0c\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6761\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "F5 BIG-IP APM\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2017-05634\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "F5 BIG-IP APM \u003e=12.0.0\uff0c\u003c=12.1.1",
      "F5 BIG-IP APM \u003e=11.6.0\uff0c\u003c=11.6.1HF1",
      "F5 BIG-IP APM \u003e=11.5.4\uff0c\u003c=11.5.4HF2"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/97168\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7467",
  "serverity": "\u4f4e",
  "submitTime": "2017-03-29",
  "title": "F5 BIG-IP APM\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2017-05634\uff09"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2016-7467 (GCVE-0-2016-7467)

Vulnerability from cvelistv5

gsd-2016-7467

Vulnerability from gsd

var-201704-0345

Vulnerability from variot

fkie_cve-2016-7467

Vulnerability from fkie_nvd

ghsa-gxpj-cpjp-q8f2

Vulnerability from github

cnvd-2017-05634

Vulnerability from cnvd

Tags

Sightings

Nomenclature