Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
BIG-IP APM OAuth vulnerability
Vulnerability Description
On version 14.1.x before 14.1.5.3, and all versions of 13.1.x, when the BIG-IP APM system is configured with all the following elements, undisclosed requests may cause the Traffic Management Microkernel (TMM) to terminate: * An OAuth Server that references an OAuth Provider * An OAuth profile with the Authorization Endpoint set to '/' * An access profile that references the above OAuth profile and is associated with an HTTPS virtual server Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
空指针解引用
Vulnerability Title
F5 BIG-IP 代码问题漏洞
Vulnerability Description
F5 BIG-IP是美国F5公司的一款集成了网络流量管理、应用程序安全管理、负载均衡等功能的应用交付平台。 F5 BIG-IP 存在安全漏洞,该漏洞源于在BIG-IP APM 系统配置(引用 OAuth 提供程序的 OAuth 服务器、授权端点设置为“/”的 OAuth 配置文件、上述 OAuth 配置文件和 HTTPS 虚拟服务器相关联的访问配置文件)时,未公开的请求可能会导致流量管理微内核 (TMM) 终止,以下产品和版本受到影响:BIG-IP (AFM) 14.1.0 到 14.1.5版本、13.1
CVSS Information
N/A
Vulnerability Type
N/A