CVE-2016-6249
MEDIUM
F5 BIG-IP <12.0.0, 11.6.1 - Info Disclosure
Title source: llm
Description
In F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1, REST requests that time out during user account authentication may log sensitive attributes, such as passwords, in plaintext to /var/log/restjavad.0.log. This may allow local users to obtain sensitive information by reading these files.
Scores
CVSS v3
5.3
EPSS
0.0006
EPSS Percentile
19.5%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Classification
CWE
CWE-200
Status
published
Affected Products (50)
f5/big-ip_access_policy_manager (8 entries)
f5/big-ip_advanced_firewall_manager (7 entries)
... and 35 more
Timeline
Published
Feb 20, 2017
Tracked Since
Feb 18, 2026