ID

VAR-201712-0669


CVE

CVE-2017-6139


TITLE

F5 BIG-IP APM Vulnerability related to information leakage from log files in software

Trust: 0.8

sources: JVNDB: JVNDB-2017-011681

DESCRIPTION

In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers running debug mode logging with BIG-IP APM are at highest risk. F5 BIG-IP APM is prone to an information-disclosure vulnerability. Successfully exploiting this issue may allow attackers to obtain sensitive information. This may lead to other attacks. Pulse Connect Secure and Desktop Client are prone to a local information-disclosure vulnerability. The following versions and products are vulnerable: Versions prior to Desktop Client 9.0R3, and 5.3R7 Versions prior to Pulse Connect Secure 9.0R3, 8.3R7, and 8.1R14. F5 BIG-IP Access Policy Manager (APM) is a set of access and security solutions from F5 Corporation of the United States. The solution provides unified access to business-critical applications and networks

Trust: 2.52

sources: NVD: CVE-2017-6139 // JVNDB: JVNDB-2017-011681 // BID: 107884 // BID: 106186 // BID: 107881 // VULHUB: VHN-114342

AFFECTED PRODUCTS

vendor:f5model:big-ip access policy managerscope:eqversion:12.1.2

Trust: 2.4

vendor:f5model:big-ip access policy managerscope:eqversion:13.0.0

Trust: 2.4

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:2.5.2019

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:2.5.3054

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:3.1

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:2.5.5130

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:3.1.7021

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:2.5.1025

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:4.4

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:3.0.3054

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:4.4.2034

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:3.0.5075

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:3.0.1047

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:2.5.217

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:3.1.2043

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:4.3.4027

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:3.0.629

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:2.2.140

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:2.3.185

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:3.0.4235

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:3.1.5182

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:2.5.3046

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:2.5.3051

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:3.1.14018

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:2.5

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:2.4.5004

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:2.2.133

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:3.0.3050

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:2.5.3041

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:4.7

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:2.5.5112

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:2.5.5116

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:2.5.5125

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:2.5.2017

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:2.5.2001

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:3.0.7059

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:2.3.2016

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:4.3.2039

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:3.0.9266

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:2.4

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:3.0.8057

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:2.4.4004

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:2.4.1012

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:2.4.4014

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:3.1.6073

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:4.0

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:3.2

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:4.6

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:3.0.8066

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:4.4.243

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:2.3

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:2.5.2011

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:3.0.9231

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:2.3.1003

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:3

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:3.0.2052

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:4.0.48

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:2.5.5118

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:3.1.495

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:2.5.6005

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:2.3.254

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:2.5.2014

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:4.3.5017

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:3.0.9353

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:2.2.128

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:2

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:2.4.7073

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:4.1

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:4.1(8)

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:2.2

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:2.2.136

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:2.1

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:2.5.2010

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:2.5.5131

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:2.5.3055

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:4.3.1095

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:2.4.202

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:3.0

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:2.5.2006

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:3.0.5080

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:4.0.51

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:4.3.3086

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:4.3

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:4.5

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:3.1.5187

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:2.5.2018

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:4.2

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:2.4.7030

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:4.4.1054

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:12.1.2

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:12.1.1

Trust: 0.3

vendor:f5model:big-ip apmscope:neversion:13.1

Trust: 0.3

vendor:f5model:big-ip apmscope:neversion:13.0.1

Trust: 0.3

vendor:f5model:big-ip apmscope:neversion:12.1.3

Trust: 0.3

vendor:pulsemodel:secure pulse connect secure 9.0r2scope: - version: -

Trust: 0.3

vendor:pulsemodel:secure pulse connect secure 9.0r1scope: - version: -

Trust: 0.3

vendor:pulsemodel:secure pulse connect secure 8.3r6scope: - version: -

Trust: 0.3

vendor:pulsemodel:secure pulse connect secure 8.3r5scope: - version: -

Trust: 0.3

vendor:pulsemodel:secure pulse connect secure 8.3r4scope: - version: -

Trust: 0.3

vendor:pulsemodel:secure pulse connect secure 8.3r1scope: - version: -

Trust: 0.3

vendor:pulsemodel:secure pulse connect secure 8.1r7scope: - version: -

Trust: 0.3

vendor:pulsemodel:secure pulse connect secure 8.1r6scope: - version: -

Trust: 0.3

vendor:pulsemodel:secure pulse connect secure 8.1r5scope: - version: -

Trust: 0.3

vendor:pulsemodel:secure pulse connect secure 8.1r4scope: - version: -

Trust: 0.3

vendor:pulsemodel:secure pulse connect secure 8.1r3scope: - version: -

Trust: 0.3

vendor:pulsemodel:secure pulse connect secure 8.1r2scope: - version: -

Trust: 0.3

vendor:pulsemodel:secure pulse connect secure 8.1r13scope: - version: -

Trust: 0.3

vendor:pulsemodel:secure pulse connect secure 8.1r12scope: - version: -

Trust: 0.3

vendor:pulsemodel:secure pulse connect secure 8.1r10scope: - version: -

Trust: 0.3

vendor:pulsemodel:secure pulse connect secure 8.1r1scope: - version: -

Trust: 0.3

vendor:pulsemodel:secure desktop client 9.0r2scope: - version: -

Trust: 0.3

vendor:pulsemodel:secure desktop client 9.0r1scope: - version: -

Trust: 0.3

vendor:pulsemodel:secure desktop client 5.3r6scope: - version: -

Trust: 0.3

vendor:pulsemodel:secure desktop client 5.3r1scope: - version: -

Trust: 0.3

vendor:pulsemodel:secure pulse connect secure 9.0r3scope:neversion: -

Trust: 0.3

vendor:pulsemodel:secure pulse connect secure 8.3r7scope:neversion: -

Trust: 0.3

vendor:pulsemodel:secure pulse connect secure 8.1r14scope:neversion: -

Trust: 0.3

vendor:pulsemodel:secure desktop client 9.0r3scope:neversion: -

Trust: 0.3

vendor:pulsemodel:secure desktop client 5.3r7scope:neversion: -

Trust: 0.3

sources: BID: 107884 // BID: 106186 // BID: 107881 // JVNDB: JVNDB-2017-011681 // CNNVD: CNNVD-201702-781 // NVD: CVE-2017-6139

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6139
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6139
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201702-781
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114342
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6139
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114342
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6139
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114342 // JVNDB: JVNDB-2017-011681 // CNNVD: CNNVD-201702-781 // NVD: CVE-2017-6139

PROBLEMTYPE DATA

problemtype:CWE-532

Trust: 1.9

sources: VULHUB: VHN-114342 // JVNDB: JVNDB-2017-011681 // NVD: CVE-2017-6139

THREAT TYPE

local

Trust: 0.6

sources: BID: 107884 // BID: 107881

TYPE

Design Error

Trust: 0.6

sources: BID: 107884 // BID: 107881

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-011681

PATCH

title:K45432295url:https://support.f5.com/csp/article/K45432295

Trust: 0.8

title:F5 BIG-IP Access Policy Manager Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91637

Trust: 0.6

sources: JVNDB: JVNDB-2017-011681 // CNNVD: CNNVD-201702-781

EXTERNAL IDS

db:NVDid:CVE-2017-6139

Trust: 2.8

db:BIDid:106186

Trust: 2.0

db:SECTRACKid:1040055

Trust: 1.7

db:CERT/CCid:VU#192371

Trust: 1.5

db:JVNDBid:JVNDB-2017-011681

Trust: 0.8

db:CNNVDid:CNNVD-201702-781

Trust: 0.7

db:BIDid:107884

Trust: 0.3

db:PULSESECUREid:SA44114

Trust: 0.3

db:BIDid:107881

Trust: 0.3

db:VULHUBid:VHN-114342

Trust: 0.1

sources: VULHUB: VHN-114342 // BID: 107884 // BID: 106186 // BID: 107881 // JVNDB: JVNDB-2017-011681 // CNNVD: CNNVD-201702-781 // NVD: CVE-2017-6139

REFERENCES

url:http://www.securityfocus.com/bid/106186

Trust: 2.3

url:https://support.f5.com/csp/article/k45432295

Trust: 2.0

url:http://www.securitytracker.com/id/1040055

Trust: 1.7

url:https://www.kb.cert.org/vuls/id/192371/

Trust: 1.5

url:http://www.f5.com/products/big-ip/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6139

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-6139

Trust: 0.8

url:http://www.cisco.com/en/us/products/ps10884/index.html

Trust: 0.3

url:https://www.pulsesecure.net/

Trust: 0.3

url:https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44114/

Trust: 0.3

sources: VULHUB: VHN-114342 // BID: 107884 // BID: 106186 // BID: 107881 // JVNDB: JVNDB-2017-011681 // CNNVD: CNNVD-201702-781 // NVD: CVE-2017-6139

CREDITS

National Defense ISAC Remote Access Working Group

Trust: 0.6

sources: BID: 107884 // BID: 107881

SOURCES

db:VULHUBid:VHN-114342
db:BIDid:107884
db:BIDid:106186
db:BIDid:107881
db:JVNDBid:JVNDB-2017-011681
db:CNNVDid:CNNVD-201702-781
db:NVDid:CVE-2017-6139

LAST UPDATE DATE

2024-11-23T22:07:41.176000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-114342date:2019-04-12T00:00:00
db:BIDid:107884date:2019-04-11T00:00:00
db:BIDid:106186date:2019-04-12T08:00:00
db:BIDid:107881date:2019-04-11T00:00:00
db:JVNDBid:JVNDB-2017-011681date:2018-01-24T00:00:00
db:CNNVDid:CNNVD-201702-781date:2019-04-15T00:00:00
db:NVDid:CVE-2017-6139date:2024-11-21T03:29:07.657

SOURCES RELEASE DATE

db:VULHUBid:VHN-114342date:2017-12-21T00:00:00
db:BIDid:107884date:2019-04-11T00:00:00
db:BIDid:106186date:2017-12-21T00:00:00
db:BIDid:107881date:2019-04-11T00:00:00
db:JVNDBid:JVNDB-2017-011681date:2018-01-24T00:00:00
db:CNNVDid:CNNVD-201702-781date:2017-02-23T00:00:00
db:NVDid:CVE-2017-6139date:2017-12-21T17:29:00.560