F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log. It may allow local users to obtain sensitive information by reading these files.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| F5 Networks | F5 BIG-IP, REST Framework Logging | affected |
|
Configuration 1 [-]
|
No data.
No data.
Project Subscriptions
| Vendors | Products |
|---|---|
|
F5
Subscribe
|
Big-ip Access Policy Manager
Subscribe
Big-ip Advanced Firewall Manager
Subscribe
Big-ip Analytics
Subscribe
Big-ip Application Acceleration Manager
Subscribe
Big-ip Application Security Manager
Subscribe
Big-ip Domain Name System
Subscribe
Big-ip Global Traffic Manager
Subscribe
Big-ip Link Controller
Subscribe
Big-ip Local Traffic Manager
Subscribe
Big-ip Policy Enforcement Manager
Subscribe
Big-ip Websafe
Subscribe
|
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2016-7179 | F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log. It may allow local users to obtain sensitive information by reading these files. |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: f5
Published:
Updated: 2024-08-06T01:22:20.654Z
Reserved: 2016-07-19T00:00:00.000Z
Link: CVE-2016-6249
Vulnrichment
No data.
NVD
Status : Deferred
Published: 2017-02-20T15:59:00.170
Modified: 2025-04-20T01:37:25.860
Link: CVE-2016-6249
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses