CVE-2016-6249 - Vulnerability Details

F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log. It may allow local users to obtain sensitive information by reading these files.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
F5	Big-ip Access Policy Manager Big-ip Advanced Firewall Manager Big-ip Analytics Big-ip Application Acceleration Manager Big-ip Application Security Manager Big-ip Domain Name System Big-ip Global Traffic Manager Big-ip Link Controller Big-ip Local Traffic Manager Big-ip Policy Enforcement Manager Big-ip Websafe

Configuration 1 [-]

OR	cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.0:::::::*
	cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.1:::::::*
	cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.2:::::::*
	cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.3:::::::*
	cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.4:::::::*
	cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.0:::::::*
	cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.1:::::::*
	cpe:2.3:a:f5:big-ip_access_policy_manager:12.0.0:::::::*
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.0:::::::*
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.1:::::::*
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.2:::::::*
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.3:::::::*
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.4:::::::*
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.0:::::::*
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.1:::::::*
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.0.0:::::::*
	cpe:2.3:a:f5:big-ip_analytics:11.5.0:::::::*
	cpe:2.3:a:f5:big-ip_analytics:11.5.1:::::::*
	cpe:2.3:a:f5:big-ip_analytics:11.5.2:::::::*
	cpe:2.3:a:f5:big-ip_analytics:11.5.3:::::::*
	cpe:2.3:a:f5:big-ip_analytics:11.5.4:::::::*
	cpe:2.3:a:f5:big-ip_analytics:11.6.0:::::::*
	cpe:2.3:a:f5:big-ip_analytics:11.6.1:::::::*
	cpe:2.3:a:f5:big-ip_analytics:12.0.0:::::::*
	cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.0:::::::*
	cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.1:::::::*
	cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.2:::::::*
	cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.3:::::::*
	cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.4:::::::*
	cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.0:::::::*
	cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.1:::::::*
	cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.0.0:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:11.5.0:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:11.5.1:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:11.5.2:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:11.5.3:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:11.5.4:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:11.6.0:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:11.6.1:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:12.0.0:::::::*
	cpe:2.3:a:f5:big-ip_domain_name_system:12.0.0:::::::*
	cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.0:::::::*
	cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.1:::::::*
	cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.2:::::::*
	cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.3:::::::*
	cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.4:::::::*
	cpe:2.3:a:f5:big-ip_global_traffic_manager:11.6.0:::::::*
	cpe:2.3:a:f5:big-ip_global_traffic_manager:11.6.1:::::::*
	cpe:2.3:a:f5:big-ip_link_controller:11.5.0:::::::*
	cpe:2.3:a:f5:big-ip_link_controller:11.5.1:::::::*
	cpe:2.3:a:f5:big-ip_link_controller:11.5.2:::::::*
	cpe:2.3:a:f5:big-ip_link_controller:11.5.3:::::::*
	cpe:2.3:a:f5:big-ip_link_controller:11.5.4:::::::*
	cpe:2.3:a:f5:big-ip_link_controller:11.6.0:::::::*
	cpe:2.3:a:f5:big-ip_link_controller:11.6.1:::::::*
	cpe:2.3:a:f5:big-ip_link_controller:12.0.0:::::::*
	cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.0:::::::*
	cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.1:::::::*
	cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.2:::::::*
	cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.3:::::::*
	cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.4:::::::*
	cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.0:::::::*
	cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.1:::::::*
	cpe:2.3:a:f5:big-ip_local_traffic_manager:12.0.0:::::::*
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.0:::::::*
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.1:::::::*
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.2:::::::*
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.3:::::::*
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.4:::::::*
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.0:::::::*
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.1:::::::*
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.0.0:::::::*
cpe:2.3:a:f5:big-ip_websafe:11.5.0:::::::*
cpe:2.3:a:f5:big-ip_websafe:11.5.1:::::::*
cpe:2.3:a:f5:big-ip_websafe:11.5.2:::::::*
cpe:2.3:a:f5:big-ip_websafe:11.5.3:::::::*
cpe:2.3:a:f5:big-ip_websafe:11.5.4:::::::*
cpe:2.3:a:f5:big-ip_websafe:11.6.0:::::::*
cpe:2.3:a:f5:big-ip_websafe:11.6.1:::::::*
cpe:2.3:a:f5:big-ip_websafe:12.0.0:::::::*

No data.

References

Link	Providers
http://www.securitytracker.com/id/1037873
https://support.f5.com/csp/article/K12685114

History

No history.

MITRE

Status: PUBLISHED

Assigner: f5

Published: 2017-02-20T15:00:00

Updated: 2024-08-06T01:22:20.654Z

Reserved: 2016-07-19T00:00:00

Link: CVE-2016-6249

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2017-02-20T15:59:00.170

Modified: 2025-04-20T01:37:25.860

Link: CVE-2016-6249

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "F5 BIG-IP, REST Framework Logging", "vendor": "F5 Networks", "versions": [{"status": "affected", "version": "BIG-IP 12.0.0, BIG-IP 11.5.0 - 11.6.1"}]}], "datePublic": "2017-02-11T00:00:00", "descriptions": [{"lang": "en", "value": "F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log. It may allow local users to obtain sensitive information by reading these files."}], "problemTypes": [{"descriptions": [{"description": "Information Leak / Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-24T12:57:01", "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "shortName": "f5"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K12685114"}, {"name": "1037873", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037873"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "f5sirt@f5.com", "ID": "CVE-2016-6249", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "F5 BIG-IP, REST Framework Logging", "version": {"version_data": [{"version_value": "BIG-IP 12.0.0, BIG-IP 11.5.0 - 11.6.1"}]}}]}, "vendor_name": "F5 Networks"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log. It may allow local users to obtain sensitive information by reading these files."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Leak / Disclosure"}]}]}, "references": {"reference_data": [{"name": "https://support.f5.com/csp/article/K12685114", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K12685114"}, {"name": "1037873", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037873"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:22:20.654Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.f5.com/csp/article/K12685114"}, {"name": "1037873", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1037873"}]}]}, "cveMetadata": {"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "assignerShortName": "f5", "cveId": "CVE-2016-6249", "datePublished": "2017-02-20T15:00:00", "dateReserved": "2016-07-19T00:00:00", "dateUpdated": "2024-08-06T01:22:20.654Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C0312FC-8178-46DE-B4EE-00F2895073BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "BC6C5628-14FF-4D75-B62E-D4B2707C1E3D", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "C9E574F6-34B6-45A6-911D-E5347DA22F69", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "BCF94129-8779-4D68-8DD4-B828CA633746", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "BA2E88AA-0523-48D0-8664-6AFDBCB6C940", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "CFA77C6B-72DB-4D57-87CF-11F2C7EDB828", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "E33BCA5B-CE91-451C-9821-2023A9E461C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3B62FEC0-EE22-46E6-B811-8AB0EE4C3E2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "3755740D-F1DC-4910-ADDD-9D491515201C", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "EA244A7D-F65D-4114-81C8-CE811959EA10", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "5EA9F72C-8344-4370-B511-31BEC8BA63E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "96CF015E-C74B-4215-9103-8087BC1D12AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "CFE4DB00-433D-414A-A1CE-E507B9BB809B", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B276E4DF-69FC-4158-B93A-781A45605034", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "CBAB92C5-2D50-49CC-AECA-0D16BC44A788", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "532AAF54-64EF-4852-B4F1-D5E660463704", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:11.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "A7D226F1-6513-4233-BE20-58D7AB24978F", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:11.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "B33B2082-E040-4799-A260-BA687ED8614E", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:11.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "A85766A4-2181-4719-ADCF-4FEA0031DB80", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:11.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "D2E93EE3-DB73-468E-87CA-4D277F283648", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:11.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "ADB01A61-1924-417F-8A75-9FDF8F14F754", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:11.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B70D2BD5-8E3F-4B57-84EF-3AF40F6378F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:11.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "2A065BC0-56BD-4665-A860-EBA37F1A4D8C", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0EDB8E9-E6FB-406E-B1D3-C620F114804C", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "0E3D8A24-0B8D-432B-8F06-D0E1642E7C1C", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4489382-0668-4CFB-BA89-D54762937CEE", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "9850D0AA-B173-47B2-9B69-75E6D1FAF490", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "281D0B5B-27DF-4E8A-AFC9-D09468F8ECDF", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "40994EB4-4D31-4697-964D-1F0B09864DF2", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5B40837-EC2B-41FB-ACC3-806054EAF28C", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "48BE0210-7058-462A-BA17-845D3E4F52FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3CA2FA6B-3930-432F-8FB5-E73604CEFE42", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "1AD2C1D2-103E-4B0F-84AA-999F01E695F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "855E91A4-0A0C-4E5C-8019-FB513A793803", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "FCCC2092-E109-4FF6-9B85-6C9434269851", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "8923BB93-96C1-417B-9172-4A81E731EBA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "274E34BF-82A5-4D9E-BC72-202193A47A5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "475F0EF8-42CB-4099-9C4A-390F946C4924", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "94DBCD7A-E4DA-4C08-87A4-960CF53A83E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "62B0A70A-D101-443E-A543-5EC35E23D66F", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "524B2D05-508C-47FF-94A0-6CC42060E638", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "0594DBC5-8470-416C-A5EA-E04F5AB2C799", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "B50BF19F-71B4-47C0-A96E-6EB90FCC6AE7", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BD3A3BA6-6F60-45CA-8F52-687B671B077A", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "202B6870-718C-4F8D-9BAB-7ED6385BF2A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EC6A3691-ADC4-44BC-8A11-D855B13EF128", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "D7D7863D-B064-4D7A-A66B-C3D3523425FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "911BB6DB-B2D1-4855-A65C-F0799E034358", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:11.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "13E6D2CA-CC4F-4317-A842-4DF0693B0CB6", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:11.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "AB017D7A-3290-4EF5-9647-B488771A5F32", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:11.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "4F316C54-FAE4-48D8-9E40-ED358C30BF24", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:11.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "AC0F5FD3-45E7-4D55-A3AC-6572FC0682D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:11.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "56BAC4C7-AB42-4BBD-98B5-0AE8B032CCC7", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:11.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "5CDEC701-DAB3-4D92-AA67-B886E6693E46", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:11.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C641B4F-DCFF-4A1B-9E00-EDF18A270241", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E90C12AF-44BA-44A2-89ED-0C2497EEC8A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5D27D4A-BD5C-4FA9-AA72-F7956298DE06", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "12F86EB5-D581-4103-A802-44D968BA8D55", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "36F383ED-8CB5-400D-BFDB-BD5B8CD8C7AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "E6203A11-82C3-4ABA-94E9-085BFF1A0E4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "06224D59-35F8-4168-80C5-CF5B17E99050", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2FF5A5F6-4BA3-4276-8679-B5560EACF2E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "A2B502F2-404C-463B-B6BE-87489DC881F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "44F1E5E0-BD63-4A4A-BC4E-A1D5495F8B5C", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "1B6EA0C0-9C26-4A87-98F1-5B317D606ECB", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D379372-A226-4230-B1F3-04C696518BD8", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "22FAC35D-2803-49B0-9382-F14594B88FC5", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "3C72257B-FF99-4707-A0E3-316D538B1CF6", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "18CFA52E-F9D7-40C3-9DB5-CDD5767E1F0D", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB8D3B87-B8F5-490A-B1D9-04F2EE93EEA3", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "C1EA4F45-35F7-4687-8D1A-A5ACD846500A", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "23FF9627-E561-4CF7-A685-6E33D2F6C98C", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_websafe:11.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "B45F50EB-D059-4251-AF03-DEC2F306C74C", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_websafe:11.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "50A13328-66C1-4D9D-8E46-754401D5F457", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_websafe:11.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "E94FCC0F-5505-4123-B3FA-ACB90DDE276E", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_websafe:11.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "22A30CF4-7D0D-46A6-A2F4-8DC0C1AA4480", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_websafe:11.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "38245250-AE45-456F-9C40-A073AED930C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_websafe:11.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "228D5DA1-C78A-4E05-997A-50F6C1B59593", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_websafe:11.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "452C59B8-230D-4FC0-B76D-FA6E381E3713", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_websafe:12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2EE1EEA6-1E25-4A90-91A1-386D19808557", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log. It may allow local users to obtain sensitive information by reading these files."}, {"lang": "es", "value": "peticiones F5 BIG-IP 12.0.0 y 11.5.0 - 11.6.1 REST que expiran durante la autenticaci\u00f3n de una cuenta de usuario pueden registrar atributos sensibles como contrase\u00f1as en plaintext para /var/log/restjavad.0.log. Esto puede permitir a usuarios locales obtener informaci\u00f3n sensible al leer estos archivos."}], "id": "CVE-2016-6249", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-02-20T15:59:00.170", "references": [{"source": "f5sirt@f5.com", "url": "http://www.securitytracker.com/id/1037873"}, {"source": "f5sirt@f5.com", "tags": ["Vendor Advisory"], "url": "https://support.f5.com/csp/article/K12685114"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1037873"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.f5.com/csp/article/K12685114"}], "sourceIdentifier": "f5sirt@f5.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object