ADVISORY!

TLP : CLEAR

Date : 06/08/2024

REF NO : CERT / 2024/08/69

F5 BIG-IP Security Restriction Bypass Vulnerability

Severity Level: High

Components Affected

BIG-IP (all modules)

  • version 15.1.0 – 15.1.10
  • version 16.1.0 – 16.1.5
  • version 17.1.0 – 17.1.1

F5OS-A

  • version 1.5.1 – 1.5.2
  • version 1.7.0

F5OS-C

  • version 1.6.0 – 1.6.2

Traffix SDC

  • version 5.1.0
  • version 5.2.0

Overview

A vulnerability was identified in F5 BIG-IP. A remote attacker could exploit this vulnerability to bypass security restrictions on the targeted system.

Note:

No patch or mitigation is currently available for CVE-2024-38473 in the affected products.

Description

An encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

Impact

  • Security Restriction Bypass

Solution / Workarounds

No solution was available at the time of this advisory.

Reference

Disclaimer : The information provided herein is on an “as is” basis, without warranty of any kind.

Sri Lanka Computer Emergency Readiness Team | Coordination Centre

Copyright © 2023 SRI LANKA CERT | CC