Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
On BIG-IP APM 11.6.0-11.6.3, an insecure AES ECB mode is used for orig_uri parameter in an undisclosed /vdesk link of APM virtual server configured with an access profile, allowing a malicious user to build a redirect URI value using different blocks of cipher texts.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
F5 BIG-IP Access Policy Manager 安全漏洞
Vulnerability Description
F5 BIG-IP Access Policy Manager(APM)是美国F5公司的一套访问和安全解决方案。该解决方案提供统一访问关键业务应用和网络的功能。 F5 BIG-IP APM 11.6.0版本至11.6.3版本中存在安全漏洞,该漏洞源于程序对/vdesk链接中的‘orig_uri’参数使用了不安全的AES ECB模式。攻击者可利用该漏洞构建重定向URI值。
CVSS Information
N/A
Vulnerability Type
N/A