CVE-2017-6130

Severity
7.4 HIGH
EPSS
0.3%
top 42.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 6
Latest update: May 17

Description

F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 are vulnerable to a Server-Side Request Forgery (SSRF) attack when deployed using the Dynamic Domain Bypass (DDB) feature plus the SNAT Auto Map option for egress traffic.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
Exploitability: 2.8 | Impact: 4.0

Affected Packages: 3 packages

CVEListV5: f5_networks/ssl_intercept_iapp_1.5.0_-_1.5.7_and_ssl_orchestrator_2.0 | SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0
NVD: f5/ssl_intercept_iapp | 1.5.0, 1.5.7 +1

🔴 Vulnerability Details (2)

GHSA: GHSA-xj4r-whfg-77cr: F5 SSL Intercept iApp 1 | 2022-05-17
CVEList: CVE-2017-6130: F5 SSL Intercept iApp 1 | 2017-04-06

📋 Vendor Advisories (1)

F5: CVE-2017-6130: F5 SSL Intercept iApp 1 | 2017-04-06