Описание
On version 14.1.x before 14.1.5.3, and all versions of 13.1.x, when the BIG-IP APM system is configured with all the following elements, undisclosed requests may cause the Traffic Management Microkernel (TMM) to terminate:
- An OAuth Server that references an OAuth Provider
- An OAuth profile with the Authorization Endpoint set to '/'
- An access profile that references the above OAuth profile and is associated with an HTTPS virtual server
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Одно из
EPSS
7.5 High
CVSS3
Дефекты
Связанные уязвимости
On version 14.1.x before 14.1.5.3, and all versions of 13.1.x, when the BIG-IP APM system is configured with all the following elements, undisclosed requests may cause the Traffic Management Microkernel (TMM) to terminate: * An OAuth Server that references an OAuth Provider * An OAuth profile with the Authorization Endpoint set to '/' * An access profile that references the above OAuth profile and is associated with an HTTPS virtual server Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Уязвимость средства контроля доступа и удаленной аутентификации BIG-IP Access Policy Manager, связанная с ошибками разыменования указателей, позволяющая нарушителю вызвать октаз в обслуживании
EPSS
7.5 High
CVSS3