ID
VAR-200502-0160
TITLE
F5 BIG-IP HTTP Pipelining OneConnect Information Leakage Vulnerability
Trust: 0.3
DESCRIPTION
The F5 BIG-IP appliance is reported prone to an information leakage vulnerability. It is reported that the vulnerability is triggered when a browser that is using HTTP pipelining is employed to request a web page from a web server that is being load-balanced by a BIG-IP appliance. It is not believed that a remote attacker will be able to control the behavior of the affected appliance during a pipelined request, as a result it is conjectured that this vulnerability may be exploited to trigger a partial denial of service. Additionally, a successful attack may result in a disclosure of potentially sensitive information to unauthorized users. This vulnerability is reported to affect BIG-IP versions 4.0 through 4.6.2 and BIG-IP Blade Controller versions 4.2.1 through 4.6.2, that have 'OneConnect/Web Aggregation' functionality enabled.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | f5 | model: | big-ip blade controller | scope: | eq | version: | 4.6.2 | Trust: 0.3 |
| vendor: | f5 | model: | big-ip blade controller | scope: | eq | version: | 4.6 | Trust: 0.3 |
| vendor: | f5 | model: | big-ip blade controller ptf-01 | scope: | eq | version: | 4.2.3 | Trust: 0.3 |
| vendor: | f5 | model: | big-ip blade controller | scope: | eq | version: | 4.2.1 | Trust: 0.3 |
| vendor: | f5 | model: | big-ip | scope: | eq | version: | 4.6.2 | Trust: 0.3 |
| vendor: | f5 | model: | big-ip | scope: | eq | version: | 4.6 | Trust: 0.3 |
| vendor: | f5 | model: | big-ip | scope: | eq | version: | 4.5.11 | Trust: 0.3 |
| vendor: | f5 | model: | big-ip | scope: | eq | version: | 4.5.10 | Trust: 0.3 |
| vendor: | f5 | model: | big-ip | scope: | eq | version: | 4.5.9 | Trust: 0.3 |
| vendor: | f5 | model: | big-ip | scope: | eq | version: | 4.5.6 | Trust: 0.3 |
| vendor: | f5 | model: | big-ip | scope: | eq | version: | 4.5 | Trust: 0.3 |
| vendor: | f5 | model: | big-ip | scope: | eq | version: | 4.4 | Trust: 0.3 |
| vendor: | f5 | model: | big-ip | scope: | eq | version: | 4.3 | Trust: 0.3 |
| vendor: | f5 | model: | big-ip | scope: | eq | version: | 4.2 | Trust: 0.3 |
THREAT TYPE
network
Trust: 0.3
TYPE
Failure to Handle Exceptional Conditions
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 12464 | Trust: 0.3 |
REFERENCES
| url: | http://www.f5.com/f5products/bigip/ | Trust: 0.3 |
| url: | http://bostonsteamer.livejournal.com/667498.html | Trust: 0.3 |
CREDITS
The discoverer of this vulnerability is not known.
Trust: 0.3
SOURCES
| db: | BID | id: | 12464 |
LAST UPDATE DATE
2022-05-17T01:47:36.117000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 12464 | date: | 2005-02-07T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 12464 | date: | 2005-02-07T00:00:00 |