CVE-2017-6139 - OpenCVE

In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers running debug mode logging with BIG-IP APM are at highest risk.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
F5	Big-ip Access Policy Manager

Configuration 1 [-]

OR	cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.2:::::::*
	cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.0:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/106186
http://www.securitytracker.com/id/1040055
https://support.f5.com/csp/article/K45432295

History

No history.

MITRE

Status: PUBLISHED

Assigner: f5

Published: 2017-12-21T17:00:00Z

Updated: 2024-09-16T18:23:45.116Z

Reserved: 2017-02-21T00:00:00

Link: CVE-2017-6139

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-12-21T17:29:00.560

Modified: 2019-04-12T10:29:00.447

Link: CVE-2017-6139

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "BIG-IP APM", "vendor": "F5 Networks, Inc.", "versions": [{"status": "affected", "version": "13.0.0"}, {"status": "affected", "version": "12.1.2"}]}], "datePublic": "2017-12-20T00:00:00", "descriptions": [{"lang": "en", "value": "In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers running debug mode logging with BIG-IP APM are at highest risk."}], "problemTypes": [{"descriptions": [{"description": "Information Leakage", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-04-12T09:06:02", "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "shortName": "f5"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K45432295"}, {"name": "1040055", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1040055"}, {"name": "106186", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/106186"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "f5sirt@f5.com", "DATE_PUBLIC": "2017-12-20T00:00:00", "ID": "CVE-2017-6139", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "BIG-IP APM", "version": {"version_data": [{"version_value": "13.0.0"}, {"version_value": "12.1.2"}]}}]}, "vendor_name": "F5 Networks, Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers running debug mode logging with BIG-IP APM are at highest risk."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Leakage"}]}]}, "references": {"reference_data": [{"name": "https://support.f5.com/csp/article/K45432295", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K45432295"}, {"name": "1040055", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040055"}, {"name": "106186", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106186"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T15:18:49.677Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.f5.com/csp/article/K45432295"}, {"name": "1040055", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1040055"}, {"name": "106186", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/106186"}]}]}, "cveMetadata": {"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "assignerShortName": "f5", "cveId": "CVE-2017-6139", "datePublished": "2017-12-21T17:00:00Z", "dateReserved": "2017-02-21T00:00:00", "dateUpdated": "2024-09-16T18:23:45.116Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "7563D979-BE37-4251-B92E-0DBDBE53F3FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "BCF89E7C-806E-4800-BAA9-0225433B6C56", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers running debug mode logging with BIG-IP APM are at highest risk."}, {"lang": "es", "value": "En F5 BIG-IP APM, en versiones 13.0.0 y 12.1.2 en condiciones poco frecuentes, el systema BIG-IP APM adjunta detalles de los logs cuando responde a las peticiones del cliente. Los detalles del archivo de log pueden variar. Los clientes que inicien sesi\u00f3n con BIG-IP APM en modo depuraci\u00f3n son los que est\u00e1n m\u00e1s en riesgo."}], "id": "CVE-2017-6139", "lastModified": "2019-04-12T10:29:00.447", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-12-21T17:29:00.560", "references": [{"source": "f5sirt@f5.com", "url": "http://www.securityfocus.com/bid/106186"}, {"source": "f5sirt@f5.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040055"}, {"source": "f5sirt@f5.com", "tags": ["Issue Tracking", "Mitigation", "Vendor Advisory"], "url": "https://support.f5.com/csp/article/K45432295"}], "sourceIdentifier": "f5sirt@f5.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}]}