ADVISORY!

TLP: CLEAR

Date: 16/08/2024

REF NO: CERT/2024/08/74

F5 BIG-IP Sensitive Information Disclosure Vulnerability

Severity Level: High

Components Affected

BIG-IP (all modules)

  • version 15.1.0 – 15.1.10
  • version 16.1.0 – 16.1.5
  • version 17.1.0 – 17.1.1

F5OS-A

  • version 1.5.1 – 1.5.2
  • version 1.7.0

F5OS-C

  • version 1.6.0 – 1.6.2

Traffix SDC

  • version 5.1.0
  • version 5.2.0

Overview

A vulnerability has been identified in F5 BIG-IP. A remote attacker could exploit it to cause sensitive information disclosure on the targeted system.

Note:

No patch or mitigation is currently available for CVE-2024-39573 in the affected products.

Description

The underlying flaw is in Apache HTTP Server, which the affected F5 products bundle. A potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly set up URLs to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

Impact

  • Security Restriction Bypass

Solution/ Workarounds

  • No solution was available at the time of this advisory

Disclaimer: The information provided herein is on an “as is” basis, without warranty of any kind.

Sri Lanka Computer Emergency Readiness Team | Coordination Centre

Copyright © 2023 SRI LANKA CERT | CC