Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.140223
Category:F5 Local Security Checks
Title:F5 BIG-IP - TMM SSO plugin vulnerability CVE-2016-7467
Summary:Traffic may be disrupted or failover initiated when a malformed, signed SAML authentication request from an authenticated user is sent via SP connector on a BIG-IP configured as a SAML Identity Provider.
Description:Summary:
Traffic may be disrupted or failover initiated when a malformed, signed SAML authentication request from an authenticated user is sent via SP connector on a BIG-IP configured as a SAML Identity Provider.

Vulnerability Impact:
When the system is exploited, traffic is temporarily disrupted while services restart.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2016-7467
BugTraq ID: 97168
http://www.securityfocus.com/bid/97168
http://www.securitytracker.com/id/1038131
Common Vulnerability Exposure (CVE) ID: CVE-2016-9244
BugTraq ID: 96143
http://www.securityfocus.com/bid/96143
https://www.exploit-db.com/exploits/41298/
http://packetstormsecurity.com/files/141017/Ticketbleed-F5-TLS-Information-Disclosure.html
https://blog.filippo.io/finding-ticketbleed/
https://filippo.io/Ticketbleed/
https://github.com/0x00string/oldays/blob/master/CVE-2016-9244.py
http://www.securitytracker.com/id/1037800
CopyrightCopyright (C) 2017 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2022 E-Soft Inc. All rights reserved.