On F5 BIG-IP versions 13.0.0 - 13.1.0.3, attackers may be able to disrupt services on the BIG-IP system with maliciously crafted client certificate. This vulnerability affects virtual servers associated with Client SSL profile which enables the use of client certificate authentication. Client certificate authentication is not enabled by default in Client SSL profile. There is no control plane exposure.
References
Link | Resource |
---|---|
http://www.securitytracker.com/id/1040561 | Third Party Advisory VDB Entry |
https://support.f5.com/csp/article/K43121447 | Vendor Advisory |
http://www.securitytracker.com/id/1040561 | Third Party Advisory VDB Entry |
https://support.f5.com/csp/article/K43121447 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 04:08
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securitytracker.com/id/1040561 - Third Party Advisory, VDB Entry | |
References | () https://support.f5.com/csp/article/K43121447 - Vendor Advisory |
Information
Published : 2018-03-22 18:29
Updated : 2024-11-21 04:08
NVD link : CVE-2018-5502
Mitre link : CVE-2018-5502
CVE.ORG link : CVE-2018-5502
JSON object : View
Products Affected
f5
- big-ip_application_security_manager
- big-ip_application_acceleration_manager
- big-ip_global_traffic_manager
- big-ip_policy_enforcement_manager
- big-ip_edge_gateway
- big-ip_websafe
- big-ip_domain_name_system
- big-ip_link_controller
- big-ip_local_traffic_manager
- big-ip_webaccelerator
- big-ip_advanced_firewall_manager
- big-ip_access_policy_manager
- big-ip_analytics
CWE
CWE-295
Improper Certificate Validation