CVE-2017-6139 — Log File Information Exposure in Networks INC Big-ip APM

CWE-532 — Log File Information Exposure3 documents3 sources

Severity

5.9MEDIUMNVD

EPSS

0.4%

top 37.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Networks INC Big-ip APM F5 Big-ip Access Policy Manager F5 Big-ip APM

Timeline

PublishedDec 21

Latest updateMay 14

Description

In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers running debug mode logging with BIG-IP APM are at highest risk.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages3 packages

▶f5f5/big-ip_apm

▶CVEListV5f5_networks_inc/big-ip_apm12.1.2, 13.0.0+1

▶NVDf5/big-ip_access_policy_manager12.1.2, 13.0.0+1

🔴Vulnerability Details

GHSA

GHSA-wxcr-9p2r-c64c: In F5 BIG-IP APM software version 13↗2022-05-14

▶

📋Vendor Advisories

CVE-2017-6139: In F5 BIG-IP APM software version 13↗2017-12-21

▶