Details of VAR-201610-0128

ID

VAR-201610-0128

CVE

CVE-2016-5700

TITLE

F5 BIG-IP Vulnerability to change system settings in system virtual server

Trust: 0.8

sources: JVNDB: JVNDB-2016-005087

DESCRIPTION

Virtual servers in F5 BIG-IP systems 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2, when configured with the HTTP Explicit Proxy functionality or SOCKS profile, allow remote attackers to modify the system configuration, read system files, and possibly execute arbitrary code via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlA third party may change system settings, read system files, and execute arbitrary code. Multiple F5 BIG-IP Products are prone to a remote command-execution vulnerability. An attacker can execute arbitrary system commands within the context of the affected application. F5 BIG-IP is an all-in-one network device integrated with network traffic management, application security management, load balancing and other functions from F5 Corporation of the United States. The following versions are affected: F5 BIG-IP System version 11.5.0, version 11.5.1 before HF11, version 11.5.2, version 11.5.3, version 11.5.4 before HF2, version 11.6.0 before HF8, HF1 Version 11.6.1 before, Version 12.0.0 before HF4, Version 12.1.0 before HF2

Trust: 1.98

sources: NVD: CVE-2016-5700 // JVNDB: JVNDB-2016-005087 // BID: 93325 // VULHUB: VHN-94519

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip websafe	scope:	eq	version:	11.6.1	Trust: 2.7
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.6.1	Trust: 2.4
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.6.1	Trust: 2.1
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.5.4	Trust: 1.9
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.6.1	Trust: 1.8
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.6.1	Trust: 1.8
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.6.1	Trust: 1.8
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.6.1	Trust: 1.8
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.6.1	Trust: 1.8
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.6.0	Trust: 1.6
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	12.0.0	Trust: 1.6
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.5.4	Trust: 1.6
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.5.3	Trust: 1.6
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.6.0	Trust: 1.6
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.6.0	Trust: 1.6
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.3	Trust: 1.6
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.5.2	Trust: 1.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.5.1	Trust: 1.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.1.0	Trust: 1.3
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.5.3	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.5.4	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.5.3	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.5.4	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.5.3	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.4	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.5.4	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.5.4	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.5.3	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.5.3	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.5.0 to 11.5.1 hf10	Trust: 0.8
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.5.2 to 11.5.4 hf1	Trust: 0.8
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.6.0 to 11.6.0 hf7	Trust: 0.8
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	12.0.0 to 12.0.0 hf3	Trust: 0.8
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	12.1.0 to 12.1.0 hf1	Trust: 0.8
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.5.0 to 11.5.1 hf10	Trust: 0.8
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.5.2 to 11.5.4 hf1	Trust: 0.8
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.6.0 to 11.6.0 hf7	Trust: 0.8
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	12.0.0 to 12.0.0 hf3	Trust: 0.8
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	12.1.0 to 12.1.0 hf1	Trust: 0.8
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.5.0 to 11.5.1 hf10	Trust: 0.8
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.5.2 to 11.5.4 hf1	Trust: 0.8
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.6.0 to 11.6.0 hf7	Trust: 0.8
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	12.0.0 to 12.0.0 hf3	Trust: 0.8
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	12.1.0 to 12.1.0 hf1	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.5.0 to 11.5.1 hf10	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.5.2 to 11.5.4 hf1	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.6.0 to 11.6.0 hf7	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	12.0.0 to 12.0.0 hf3	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	12.1.0 to 12.1.0 hf1	Trust: 0.8
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.5.0 to 11.5.1 hf10	Trust: 0.8
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.5.2 to 11.5.4 hf1	Trust: 0.8
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.6.0 to 11.6.0 hf7	Trust: 0.8
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.0.0 to 12.0.0 hf3	Trust: 0.8
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.1.0 to 12.1.0 hf1	Trust: 0.8
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.0 to 11.5.1 hf10	Trust: 0.8
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.2 to 11.5.4 hf1	Trust: 0.8
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.6.0 to 11.6.0 hf7	Trust: 0.8
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	12.0.0 to 12.0.0 hf3	Trust: 0.8
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	12.1.0 to 12.1.0 hf1	Trust: 0.8
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.5.0 to 11.5.1 hf10	Trust: 0.8
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.5.2 to 11.5.4 hf1	Trust: 0.8
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.6.0 to 11.6.0 hf7	Trust: 0.8
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	12.0.0 to 12.0.0 hf3	Trust: 0.8
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	12.1.0 to 12.1.0 hf1	Trust: 0.8
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	11.6.0 to 11.6.0 hf7	Trust: 0.8
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	12.0.0 to 12.0.0 hf3	Trust: 0.8
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	12.1.0 to 12.1.0 hf1	Trust: 0.8
vendor:	f5	model:	big-ip websafe hf1	scope:	eq	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip websafe hf3	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip websafe hf2	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip websafe hf1	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	11.6	Trust: 0.3
vendor:	f5	model:	big-ip psm	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip psm	scope:	eq	version:	11.5.1	Trust: 0.3
vendor:	f5	model:	big-ip pem hf1	scope:	eq	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip pem hf3	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip pem hf2	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip pem hf6	scope:	eq	version:	11.6	Trust: 0.3
vendor:	f5	model:	big-ip pem hf1	scope:	eq	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip pem hf10	scope:	eq	version:	11.5.1	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	11.5.1	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	11.5	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip pem hf1	scope:	eq	version:	12.0.0	Trust: 0.3
vendor:	f5	model:	big-ip pem hf5	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip pem hf4	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf1	scope:	eq	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf7	scope:	eq	version:	11.6	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf6	scope:	eq	version:	11.6	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf1	scope:	eq	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	11.5.2	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf10	scope:	eq	version:	11.5.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	11.5.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	11.5	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf3	scope:	eq	version:	12.0.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf2	scope:	eq	version:	12.0.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf1	scope:	eq	version:	12.0.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf5	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf4	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip link controller hf1	scope:	eq	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip link controller hf3	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip link controller hf2	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip link controller build	scope:	eq	version:	12.01.14.628	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip link controller hf6	scope:	eq	version:	11.6	Trust: 0.3
vendor:	f5	model:	big-ip link controller hf4	scope:	eq	version:	11.6	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.6	Trust: 0.3
vendor:	f5	model:	big-ip link controller hf1	scope:	eq	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip link controller hf10	scope:	eq	version:	11.5.1	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.5	Trust: 0.3
vendor:	f5	model:	big-ip link controller hf1	scope:	eq	version:	12.0.0	Trust: 0.3
vendor:	f5	model:	big-ip link controller hf5	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip asm hf1	scope:	eq	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip asm build	scope:	eq	version:	12.01.14.628	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip asm hf7	scope:	eq	version:	11.6	Trust: 0.3
vendor:	f5	model:	big-ip asm hf6	scope:	eq	version:	11.6	Trust: 0.3
vendor:	f5	model:	big-ip asm hf1	scope:	eq	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	11.5.2	Trust: 0.3
vendor:	f5	model:	big-ip asm hf10	scope:	eq	version:	11.5.1	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	11.5.1	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	11.5	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip asm hf3	scope:	eq	version:	12.0.0	Trust: 0.3
vendor:	f5	model:	big-ip asm hf2	scope:	eq	version:	12.0.0	Trust: 0.3
vendor:	f5	model:	big-ip asm hf1	scope:	eq	version:	12.0.0	Trust: 0.3
vendor:	f5	model:	big-ip asm hf5	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip asm hf4	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip apm hf1	scope:	eq	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip apm hf3	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip apm hf2	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip apm build	scope:	eq	version:	12.01.14.628	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip apm hf7	scope:	eq	version:	11.6	Trust: 0.3
vendor:	f5	model:	big-ip apm hf6	scope:	eq	version:	11.6	Trust: 0.3
vendor:	f5	model:	big-ip apm hf5	scope:	eq	version:	11.6	Trust: 0.3
vendor:	f5	model:	big-ip apm hf4	scope:	eq	version:	11.6	Trust: 0.3
vendor:	f5	model:	big-ip apm hf3	scope:	eq	version:	11.6	Trust: 0.3
vendor:	f5	model:	big-ip apm hf1	scope:	eq	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip apm hf1	scope:	eq	version:	11.5.2	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	11.5.2	Trust: 0.3
vendor:	f5	model:	big-ip apm hf10	scope:	eq	version:	11.5.1	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	11.5.1	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip apm hf1	scope:	eq	version:	12.0.0	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	11.5.0	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip afm hf1	scope:	eq	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip afm build	scope:	eq	version:	12.01.14.628	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip afm hf7	scope:	eq	version:	11.6	Trust: 0.3
vendor:	f5	model:	big-ip afm hf6	scope:	eq	version:	11.6	Trust: 0.3
vendor:	f5	model:	big-ip afm build	scope:	eq	version:	11.66.204.442	Trust: 0.3
vendor:	f5	model:	big-ip afm hf1	scope:	eq	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	11.5.2	Trust: 0.3
vendor:	f5	model:	big-ip afm hf10	scope:	eq	version:	11.5.1	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	11.5.1	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	11.5	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip afm hf3	scope:	eq	version:	12.0.0	Trust: 0.3
vendor:	f5	model:	big-ip afm hf2	scope:	eq	version:	12.0.0	Trust: 0.3
vendor:	f5	model:	big-ip afm hf1	scope:	eq	version:	12.0.0	Trust: 0.3
vendor:	f5	model:	big-ip afm hf5	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip afm hf4	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip aam hf1	scope:	eq	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip aam build	scope:	eq	version:	12.01.14.628	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip aam hf7	scope:	eq	version:	11.6	Trust: 0.3
vendor:	f5	model:	big-ip aam hf6	scope:	eq	version:	11.6	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	11.5.2	Trust: 0.3
vendor:	f5	model:	big-ip aam hf10	scope:	eq	version:	11.5.1	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	11.5.1	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	11.5	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip aam hf3	scope:	eq	version:	12.0.0	Trust: 0.3
vendor:	f5	model:	big-ip aam hf2	scope:	eq	version:	12.0.0	Trust: 0.3
vendor:	f5	model:	big-ip aam hf1	scope:	eq	version:	12.0.0	Trust: 0.3
vendor:	f5	model:	big-ip aam hf5	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip aam hf4	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip	scope:	eq	version:	11.5.1	Trust: 0.3
vendor:	f5	model:	big-ip websafe hf2	scope:	ne	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip websafe hf4	scope:	ne	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip websafe hf1	scope:	ne	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip websafe hf8	scope:	ne	version:	11.6	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator hf2	scope:	ne	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip pem hf2	scope:	ne	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip pem hf4	scope:	ne	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip pem hf1	scope:	ne	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip pem hf8	scope:	ne	version:	11.6	Trust: 0.3
vendor:	f5	model:	big-ip pem hf2	scope:	ne	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip pem hf11	scope:	ne	version:	11.5.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	ne	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf2	scope:	ne	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf4	scope:	ne	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf1	scope:	ne	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf8	scope:	ne	version:	11.6	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf2	scope:	ne	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf11	scope:	ne	version:	11.5.1	Trust: 0.3
vendor:	f5	model:	big-ip link controller hf2	scope:	ne	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip link controller hf4	scope:	ne	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip link controller hf1	scope:	ne	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip link controller hf8	scope:	ne	version:	11.6	Trust: 0.3
vendor:	f5	model:	big-ip link controller hf2	scope:	ne	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip link controller hf11	scope:	ne	version:	11.5.1	Trust: 0.3
vendor:	f5	model:	big-ip gtm hf2	scope:	ne	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip asm hf2	scope:	ne	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip asm hf4	scope:	ne	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip asm hf1	scope:	ne	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip asm hf8	scope:	ne	version:	11.6	Trust: 0.3
vendor:	f5	model:	big-ip asm hf2	scope:	ne	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip asm hf11	scope:	ne	version:	11.5.1	Trust: 0.3
vendor:	f5	model:	big-ip apm hf2	scope:	ne	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip apm hf4	scope:	ne	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip apm hf1	scope:	ne	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip apm hf8	scope:	ne	version:	11.6	Trust: 0.3
vendor:	f5	model:	big-ip apm hf11	scope:	ne	version:	11.5.1	Trust: 0.3
vendor:	f5	model:	big-ip analytics hf2	scope:	ne	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip afm hf2	scope:	ne	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip afm hf4	scope:	ne	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip afm hf1	scope:	ne	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip afm hf8	scope:	ne	version:	11.6	Trust: 0.3
vendor:	f5	model:	big-ip afm hf2	scope:	ne	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip afm hf11	scope:	ne	version:	11.5.1	Trust: 0.3
vendor:	f5	model:	big-ip aam hf2	scope:	ne	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip aam hf4	scope:	ne	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip aam hf1	scope:	ne	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip aam hf8	scope:	ne	version:	11.6	Trust: 0.3
vendor:	f5	model:	big-ip aam hf2	scope:	ne	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip aam hf11	scope:	ne	version:	11.5.1	Trust: 0.3

sources: BID: 93325 // JVNDB: JVNDB-2016-005087 // CNNVD: CNNVD-201610-025 // NVD: CVE-2016-5700

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-5700
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2016-5700
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201610-025
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-94519
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-5700
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-94519
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-5700
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-94519 // JVNDB: JVNDB-2016-005087 // CNNVD: CNNVD-201610-025 // NVD: CVE-2016-5700

PROBLEMTYPE DATA

problemtype:	CWE-284	Trust: 1.1
problemtype:	CWE-Other	Trust: 0.8

sources: VULHUB: VHN-94519 // JVNDB: JVNDB-2016-005087 // NVD: CVE-2016-5700

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201610-025

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201610-025

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-005087

PATCH

title:	SOL35520031: BIG-IP virtual server with HTTP Explicit Proxy and/or SOCKS vulnerability CVE-2016-5700	url:	https://support.f5.com/kb/en-us/solutions/public/k/35/sol35520031.html	Trust: 0.8
title:	F5 BIG-IP Remediation measures for remote security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64464	Trust: 0.6

sources: JVNDB: JVNDB-2016-005087 // CNNVD: CNNVD-201610-025

EXTERNAL IDS

db:	NVD	id:	CVE-2016-5700	Trust: 2.8
db:	SECTRACK	id:	1036928	Trust: 1.7
db:	BID	id:	93325	Trust: 1.4
db:	JVNDB	id:	JVNDB-2016-005087	Trust: 0.8
db:	CNNVD	id:	CNNVD-201610-025	Trust: 0.7
db:	VULHUB	id:	VHN-94519	Trust: 0.1

sources: VULHUB: VHN-94519 // BID: 93325 // JVNDB: JVNDB-2016-005087 // CNNVD: CNNVD-201610-025 // NVD: CVE-2016-5700

REFERENCES

url:	https://support.f5.com/kb/en-us/solutions/public/k/35/sol35520031.html	Trust: 2.0
url:	http://www.securitytracker.com/id/1036928	Trust: 1.7
url:	http://www.securityfocus.com/bid/93325	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5700	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5700	Trust: 0.8
url:	http://www.f5.com/products/big-ip/	Trust: 0.3

sources: VULHUB: VHN-94519 // BID: 93325 // JVNDB: JVNDB-2016-005087 // CNNVD: CNNVD-201610-025 // NVD: CVE-2016-5700

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 93325

SOURCES

db:	VULHUB	id:	VHN-94519
db:	BID	id:	93325
db:	JVNDB	id:	JVNDB-2016-005087
db:	CNNVD	id:	CNNVD-201610-025
db:	NVD	id:	CVE-2016-5700

LAST UPDATE DATE

2024-11-23T22:52:39.027000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-94519	date:	2016-11-28T00:00:00
db:	BID	id:	93325	date:	2016-10-10T01:04:00
db:	JVNDB	id:	JVNDB-2016-005087	date:	2016-10-06T00:00:00
db:	CNNVD	id:	CNNVD-201610-025	date:	2016-10-08T00:00:00
db:	NVD	id:	CVE-2016-5700	date:	2024-11-21T02:54:50.933

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-94519	date:	2016-10-03T00:00:00
db:	BID	id:	93325	date:	2016-09-28T00:00:00
db:	JVNDB	id:	JVNDB-2016-005087	date:	2016-10-06T00:00:00
db:	CNNVD	id:	CNNVD-201610-025	date:	2016-10-08T00:00:00
db:	NVD	id:	CVE-2016-5700	date:	2016-10-03T16:09:13.790