F5 Networks BIG-IP : Apache vulnerability (K65355492)
Severity: Medium
Nessus Plugin ID: 118692
Synopsis
The remote device is missing a vendor-supplied security patch.
Description
Apache modules apache_auth_token_mod and mod_auth_f5_auth_token.cpp allow possible unauthenticated brute-force attacks on the em_server_ip authorization parameter to determine which SSL client certificates are used for mutual authentication between BIG-IQ or Enterprise Manager (EM) and managed BIG-IP devices. (CVE-2018-5506)
This vulnerability can disclose the em_server_ip field of valid client certificates. This does not reveal the certificate needed for authentication.
Solution
Upgrade to one of the non-vulnerable versions listed in the F5 Solution K65355492.