CVE-2016-6249
20.02.2017, 15:59
F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log. It may allow local users to obtain sensitive information by reading these files.Enginsight
| Vendor | Product | Version |
|---|---|---|
| f5 | big-ip_access_policy_manager | 11.5.0 |
| f5 | big-ip_access_policy_manager | 11.5.1 |
| f5 | big-ip_access_policy_manager | 11.5.2 |
| f5 | big-ip_access_policy_manager | 11.5.3 |
| f5 | big-ip_access_policy_manager | 11.5.4 |
| f5 | big-ip_access_policy_manager | 11.6.0 |
| f5 | big-ip_access_policy_manager | 11.6.1 |
| f5 | big-ip_access_policy_manager | 12.0.0 |
| f5 | big-ip_advanced_firewall_manager | 11.5.0 |
| f5 | big-ip_advanced_firewall_manager | 11.5.1 |
| f5 | big-ip_advanced_firewall_manager | 11.5.2 |
| f5 | big-ip_advanced_firewall_manager | 11.5.3 |
| f5 | big-ip_advanced_firewall_manager | 11.5.4 |
| f5 | big-ip_advanced_firewall_manager | 11.6.0 |
| f5 | big-ip_advanced_firewall_manager | 11.6.1 |
| f5 | big-ip_advanced_firewall_manager | 12.0.0 |
| f5 | big-ip_analytics | 11.5.0 |
| f5 | big-ip_analytics | 11.5.1 |
| f5 | big-ip_analytics | 11.5.2 |
| f5 | big-ip_analytics | 11.5.3 |
| f5 | big-ip_analytics | 11.5.4 |
| f5 | big-ip_analytics | 11.6.0 |
| f5 | big-ip_analytics | 11.6.1 |
| f5 | big-ip_analytics | 12.0.0 |
| f5 | big-ip_application_acceleration_manager | 11.5.0 |
| f5 | big-ip_application_acceleration_manager | 11.5.1 |
| f5 | big-ip_application_acceleration_manager | 11.5.2 |
| f5 | big-ip_application_acceleration_manager | 11.5.3 |
| f5 | big-ip_application_acceleration_manager | 11.5.4 |
| f5 | big-ip_application_acceleration_manager | 11.6.0 |
| f5 | big-ip_application_acceleration_manager | 11.6.1 |
| f5 | big-ip_application_acceleration_manager | 12.0.0 |
| f5 | big-ip_application_security_manager | 11.5.0 |
| f5 | big-ip_application_security_manager | 11.5.1 |
| f5 | big-ip_application_security_manager | 11.5.2 |
| f5 | big-ip_application_security_manager | 11.5.3 |
| f5 | big-ip_application_security_manager | 11.5.4 |
| f5 | big-ip_application_security_manager | 11.6.0 |
| f5 | big-ip_application_security_manager | 11.6.1 |
| f5 | big-ip_application_security_manager | 12.0.0 |
| f5 | big-ip_domain_name_system | 12.0.0 |
| f5 | big-ip_global_traffic_manager | 11.5.0 |
| f5 | big-ip_global_traffic_manager | 11.5.1 |
| f5 | big-ip_global_traffic_manager | 11.5.2 |
| f5 | big-ip_global_traffic_manager | 11.5.3 |
| f5 | big-ip_global_traffic_manager | 11.5.4 |
| f5 | big-ip_global_traffic_manager | 11.6.0 |
| f5 | big-ip_global_traffic_manager | 11.6.1 |
| f5 | big-ip_link_controller | 11.5.0 |
| f5 | big-ip_link_controller | 11.5.1 |
| f5 | big-ip_link_controller | 11.5.2 |
| f5 | big-ip_link_controller | 11.5.3 |
| f5 | big-ip_link_controller | 11.5.4 |
| f5 | big-ip_link_controller | 11.6.0 |
| f5 | big-ip_link_controller | 11.6.1 |
| f5 | big-ip_link_controller | 12.0.0 |
| f5 | big-ip_local_traffic_manager | 11.5.0 |
| f5 | big-ip_local_traffic_manager | 11.5.1 |
| f5 | big-ip_local_traffic_manager | 11.5.2 |
| f5 | big-ip_local_traffic_manager | 11.5.3 |
| f5 | big-ip_local_traffic_manager | 11.5.4 |
| f5 | big-ip_local_traffic_manager | 11.6.0 |
| f5 | big-ip_local_traffic_manager | 11.6.1 |
| f5 | big-ip_local_traffic_manager | 12.0.0 |
| f5 | big-ip_policy_enforcement_manager | 11.5.0 |
| f5 | big-ip_policy_enforcement_manager | 11.5.1 |
| f5 | big-ip_policy_enforcement_manager | 11.5.2 |
| f5 | big-ip_policy_enforcement_manager | 11.5.3 |
| f5 | big-ip_policy_enforcement_manager | 11.5.4 |
| f5 | big-ip_policy_enforcement_manager | 11.6.0 |
| f5 | big-ip_policy_enforcement_manager | 11.6.1 |
| f5 | big-ip_policy_enforcement_manager | 12.0.0 |
| f5 | big-ip_websafe | 11.5.0 |
| f5 | big-ip_websafe | 11.5.1 |
| f5 | big-ip_websafe | 11.5.2 |
| f5 | big-ip_websafe | 11.5.3 |
| f5 | big-ip_websafe | 11.5.4 |
| f5 | big-ip_websafe | 11.6.0 |
| f5 | big-ip_websafe | 11.6.1 |
| f5 | big-ip_websafe | 12.0.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration