CVE-2017-6139

MEDIUM

F5 Big-ip Access Policy Manager - Log Information Exposure

Title source: rule
STIX 2.1

Description

In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers running debug mode logging with BIG-IP APM are at highest risk.

References (3)

Core 3
Core References
Issue Tracking, Mitigation, Vendor Advisory x_refsource_confirm
https://support.f5.com/csp/article/K45432295
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1040055
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/106186

Scores

CVSS v3 5.9
EPSS 0.0043
EPSS Percentile 62.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-532
Status published
Products (4)
f5/big-ip_access_policy_manager 12.1.2
f5/big-ip_access_policy_manager 13.0.0
F5 Networks, Inc./BIG-IP APM 12.1.2
F5 Networks, Inc./BIG-IP APM 13.0.0
Published Dec 21, 2017
Tracked Since Feb 18, 2026