CVE-2016-3687
First published: Thu Jun 16 2016(Updated: )
Open redirect vulnerability in F5 BIG-IP APM 11.2.1, 11.4.x, 11.5.x, and 11.6.x before 11.6.0 HF6 and Edge Gateway 11.2.1, when using multi-domain single sign-on (SSO), allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in the SSO_ORIG_URI parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| F5 Big-ip Access Policy Manager | =11.2.1 | |
| F5 Big-ip Access Policy Manager | =11.4.0 | |
| F5 Big-ip Access Policy Manager | =11.4.1 | |
| F5 Big-ip Access Policy Manager | =11.5.0 | |
| F5 Big-ip Access Policy Manager | =11.5.1 | |
| F5 Big-ip Access Policy Manager | =11.5.2 | |
| F5 Big-ip Access Policy Manager | =11.5.3 | |
| F5 Big-ip Access Policy Manager | =11.5.4 | |
| F5 Big-ip Access Policy Manager | =11.6.0 | |
| F5 Big-ip Edge Gateway | =11.2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/tags
- agent/event
- agent/description
- agent/first-publish-date
- vendor/f5
- canonical/f5 big-ip access policy manager
- version/f5 big-ip access policy manager/11.2.1
- version/f5 big-ip access policy manager/11.4.0
- version/f5 big-ip access policy manager/11.4.1
- version/f5 big-ip access policy manager/11.5.0
- version/f5 big-ip access policy manager/11.5.1
- version/f5 big-ip access policy manager/11.5.2
- version/f5 big-ip access policy manager/11.5.3
- version/f5 big-ip access policy manager/11.5.4
- version/f5 big-ip access policy manager/11.6.0
- canonical/f5 big-ip edge gateway
- version/f5 big-ip edge gateway/11.2.1