CVE-2019-6662
First published: Fri Nov 15 2019(Updated: )
On BIG-IP 13.1.0-13.1.1.4, sensitive information is logged into the local log files and/or remote logging targets when restjavad processes an invalid request. Users with access to the log files would be able to view that data.
Credit: f5sirt@f5.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| F5 BIG-IP Access Policy Manager | >=13.1.0<13.1.1.5 | |
| F5 BIG-IP Advanced Firewall Manager | >=13.1.0<13.1.1.5 | |
| F5 BIG-IP Analytics | >=13.1.0<13.1.1.5 | |
| F5 Big-ip Application Acceleration Manager | >=13.1.0<13.1.1.5 | |
| F5 BIG-IP Application Security Manager | >=13.1.0<13.1.1.5 | |
| F5 Big-ip Domain Name System | >=13.1.0<13.1.1.5 | |
| F5 Big-ip Edge Gateway | >=13.1.0<13.1.1.5 | |
| F5 Big-ip Fraud Protection Service | >=13.1.0<13.1.1.5 | |
| F5 Big-ip Global Traffic Manager | >=13.1.0<13.1.1.5 | |
| F5 Big-ip Link Controller | >=13.1.0<13.1.1.5 | |
| F5 Big-ip Local Traffic Manager | >=13.1.0<13.1.1.5 | |
| F5 Big-ip Policy Enforcement Manager | >=13.1.0<13.1.1.5 | |
| F5 Big-ip Webaccelerator | >=13.1.0<13.1.1.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-6662?
CVE-2019-6662 is a vulnerability on F5 BIG-IP products that allows sensitive information to be logged into local and remote log files.
What software is affected by CVE-2019-6662?
CVE-2019-6662 affects F5 BIG-IP Access Policy Manager, Advanced Firewall Manager, Analytics, Application Acceleration Manager, Application Security Manager, Domain Name System, Edge Gateway, Fraud Protection Service, Global Traffic Manager, Link Controller, Local Traffic Manager, Policy Enforcement Manager, and Webaccelerator.
How severe is CVE-2019-6662?
CVE-2019-6662 has a severity level of 6.5 (Medium).
How can sensitive information be exposed in CVE-2019-6662?
Sensitive information can be exposed in CVE-2019-6662 when restjavad processes an invalid request.
Is there a fix for CVE-2019-6662?
Yes, F5 has released a fix for CVE-2019-6662. Please refer to the F5 support article for more information.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/tags
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- vendor/f5
- canonical/f5 big-ip access policy manager
- version/f5 big-ip access policy manager/13.1.0
- canonical/f5 big-ip advanced firewall manager
- version/f5 big-ip advanced firewall manager/13.1.0
- canonical/f5 big-ip analytics
- version/f5 big-ip analytics/13.1.0
- canonical/f5 big-ip application acceleration manager
- version/f5 big-ip application acceleration manager/13.1.0
- canonical/f5 big-ip application security manager
- version/f5 big-ip application security manager/13.1.0
- canonical/f5 big-ip domain name system
- version/f5 big-ip domain name system/13.1.0
- canonical/f5 big-ip edge gateway
- version/f5 big-ip edge gateway/13.1.0
- canonical/f5 big-ip fraud protection service
- version/f5 big-ip fraud protection service/13.1.0
- canonical/f5 big-ip global traffic manager
- version/f5 big-ip global traffic manager/13.1.0
- canonical/f5 big-ip link controller
- version/f5 big-ip link controller/13.1.0
- canonical/f5 big-ip local traffic manager
- version/f5 big-ip local traffic manager/13.1.0
- canonical/f5 big-ip policy enforcement manager
- version/f5 big-ip policy enforcement manager/13.1.0
- canonical/f5 big-ip webaccelerator
- version/f5 big-ip webaccelerator/13.1.0