Vulnerabilites related to f5 - ssl_intercept_iapp
CVE-2017-6130 (GCVE-0-2017-6130)
Vulnerability from cvelistv5
Published
2017-04-06 14:00
Modified
2024-08-05 15:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Server-Side Request Forgery
Summary
F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side Request Forgery (SSRF) attack when deployed using the Dynamic Domain Bypass (DDB) feature feature plus SNAT Auto Map option for egress traffic.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| F5 Networks | SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 |
Version: SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.806Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K23001529"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0",
"vendor": "F5 Networks",
"versions": [
{
"status": "affected",
"version": "SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0"
}
]
}
],
"datePublic": "2017-04-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side Request Forgery (SSRF) attack when deployed using the Dynamic Domain Bypass (DDB) feature feature plus SNAT Auto Map option for egress traffic."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-06T13:57:01",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K23001529"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"ID": "CVE-2017-6130",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0",
"version": {
"version_data": [
{
"version_value": "SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0"
}
]
}
}
]
},
"vendor_name": "F5 Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side Request Forgery (SSRF) attack when deployed using the Dynamic Domain Bypass (DDB) feature feature plus SNAT Auto Map option for egress traffic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-Side Request Forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K23001529",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K23001529"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2017-6130",
"datePublished": "2017-04-06T14:00:00",
"dateReserved": "2017-02-21T00:00:00",
"dateUpdated": "2024-08-05T15:18:49.806Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-0305 (GCVE-0-2017-0305)
Vulnerability from cvelistv5
Published
2017-04-06 14:00
Modified
2024-08-05 13:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote command execution
Summary
F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an unauthenticated, remote attack that may allow modification of the BIG-IP system configuration, extraction of sensitive system files, and possible remote command execution on the system when deployed using the Explicit Proxy feature plus SNAT Auto Map option for egress traffic.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| F5 Networks | SSL Intercept iApp version |
Version: 1.5.0 - 1.5.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:03:56.813Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K53244431"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SSL Intercept iApp version",
"vendor": "F5 Networks",
"versions": [
{
"status": "affected",
"version": "1.5.0 - 1.5.7"
}
]
}
],
"datePublic": "2017-04-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an unauthenticated, remote attack that may allow modification of the BIG-IP system configuration, extraction of sensitive system files, and possible remote command execution on the system when deployed using the Explicit Proxy feature plus SNAT Auto Map option for egress traffic."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote command execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-06T13:57:01",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K53244431"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"ID": "CVE-2017-0305",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SSL Intercept iApp version",
"version": {
"version_data": [
{
"version_value": "1.5.0 - 1.5.7"
}
]
}
}
]
},
"vendor_name": "F5 Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an unauthenticated, remote attack that may allow modification of the BIG-IP system configuration, extraction of sensitive system files, and possible remote command execution on the system when deployed using the Explicit Proxy feature plus SNAT Auto Map option for egress traffic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote command execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K53244431",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K53244431"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2017-0305",
"datePublished": "2017-04-06T14:00:00",
"dateReserved": "2016-11-09T00:00:00",
"dateUpdated": "2024-08-05T13:03:56.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2017-04-06 14:59
Modified
2025-04-20 01:37
Severity ?
Summary
F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side Request Forgery (SSRF) attack when deployed using the Dynamic Domain Bypass (DDB) feature feature plus SNAT Auto Map option for egress traffic.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| f5sirt@f5.com | https://support.f5.com/csp/article/K23001529 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K23001529 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f5 | ssl_intercept_iapp | 1.5.0 | |
| f5 | ssl_intercept_iapp | 1.5.7 | |
| f5 | ssl_orchestrator | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:ssl_intercept_iapp:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C3046BEE-F484-479B-BD85-F620A5F26914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:ssl_intercept_iapp:1.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F55DA561-A1EC-44C4-9C26-B5278A20FD1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:ssl_orchestrator:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B32AF0A1-1AA6-4CCF-AF21-427FAAF65904",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side Request Forgery (SSRF) attack when deployed using the Dynamic Domain Bypass (DDB) feature feature plus SNAT Auto Map option for egress traffic."
},
{
"lang": "es",
"value": "F5 SSL Intercept iApp 1.5.0 - 1.5.7 y SSL Orchestrator 2.0 es vulnerable a un ataque SSRF cuando se despliega utilizando la funcionalidad Dynamic Domain Bypass (DDB) m\u00e1s la opci\u00f3n SNAT Auto Map para el tr\u00e1fico de salida."
}
],
"id": "CVE-2017-6130",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-06T14:59:00.287",
"references": [
{
"source": "f5sirt@f5.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K23001529"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K23001529"
}
],
"sourceIdentifier": "f5sirt@f5.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-06 14:59
Modified
2025-04-20 01:37
Severity ?
Summary
F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an unauthenticated, remote attack that may allow modification of the BIG-IP system configuration, extraction of sensitive system files, and possible remote command execution on the system when deployed using the Explicit Proxy feature plus SNAT Auto Map option for egress traffic.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| f5sirt@f5.com | https://support.f5.com/csp/article/K53244431 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K53244431 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f5 | ssl_intercept_iapp | 1.5.0 | |
| f5 | ssl_intercept_iapp | 1.5.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:ssl_intercept_iapp:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C3046BEE-F484-479B-BD85-F620A5F26914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:ssl_intercept_iapp:1.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F55DA561-A1EC-44C4-9C26-B5278A20FD1B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an unauthenticated, remote attack that may allow modification of the BIG-IP system configuration, extraction of sensitive system files, and possible remote command execution on the system when deployed using the Explicit Proxy feature plus SNAT Auto Map option for egress traffic."
},
{
"lang": "es",
"value": "F5 SSL Intercept iApp versi\u00f3n 1.5.0 - 1.5.7 es vulnerable a un ataque remoto no autenticado, que pueden permitir la modificaci\u00f3n de la configuraci\u00f3n del sistema BIG-IP, extracci\u00f3n de archivos de sistema sensibles y la posible ejecuci\u00f3n de comandos remotos en el sistema cuando se despliega utilizando la funcionalidad Explicit Proxy m\u00e1s la opci\u00f3n SNAT Auto Map para el tr\u00e1fico de salida."
}
],
"id": "CVE-2017-0305",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-06T14:59:00.193",
"references": [
{
"source": "f5sirt@f5.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K53244431"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K53244431"
}
],
"sourceIdentifier": "f5sirt@f5.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}