CVE-2018-5506

CRITICAL Year: 2018
CVSS v3 Score
9.8
Critical
CVSS v2 Score
5.0
Medium
Weakness Type
NVD-CWE-Other
View all →

Vulnerability Description

In F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.1, 11.5.1-11.5.5, or 11.2.1 the Apache modules apache_auth_token_mod and mod_auth_f5_auth_token.cpp allow possible unauthenticated bruteforce on the em_server_ip authorization parameter to obtain which SSL client certificates used for mutual authentication between BIG-IQ or Enterprise Manager (EM) and managed BIG-IP devices.

Related Vulnerabilities

CVE-2004-2776

CRITICAL
CVSS:9.8(Critical)

go.cgi in GoScript 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) query string or (2) artarchive parameter.

NVD-CWE-Other2004

CVE-2005-2354

CRITICAL
CVSS:9.8(Critical)

Nvu 0.99+1.0pre uses an old copy of Mozilla XPCOM which can result in multiple security issues.

NVD-CWE-Other2005

CVE-2006-2827

CRITICAL
CVSS:9.8(Critical)

SQL injection vulnerability in search.php in X-Cart Gold and Pro 4.0.18, and X-Cart 4.1.0 beta 1, allows remote attackers to execute arbitrary SQL commands via the "Search for pattern" field, when the...

NVD-CWE-Other2006

CVE-2006-4264

CRITICAL
CVSS:9.8(Critical)

Multiple PHP remote file inclusion vulnerabilities in the lmtg_myhomepage Component (com_lmtg_myhomepage) for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_abso...

NVD-CWE-Other2006

CVE-2006-4428

CRITICAL
CVSS:9.8(Critical)

PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to execute arbitrary PHP code via a URL in the template parameter. NOTE: CVE disputes this claim, sinc...

NVD-CWE-Other2006