This Metasploit module identifies F5 BIG-IP load balancers and leaks backend information (pool name, routed domain, and backend servers IP addresses and ports) through cookies inserted by the BIG-IP systems.
9ee974ddcf745a8d90114f78b4bee406b11b978a0da1127de6c71b1c082b64c1This Metasploit module exploits a resource exhaustion denial of service in F5 BigIP devices. An unauthenticated attacker can establish multiple connections with BigIP Access Policy Manager (APM) and exhaust all available sessions defined in customer license. In the first step of the BigIP APM negotiation the client sends a HTTP request. The BigIP system creates a session, marks it as pending and then redirects the client to an access policy URI. Since BigIP allocates a new session after the first unauthenticated request, and deletes the session only if an access policy timeout expires, the attacker can exhaust all available sessions by repeatedly sending the initial HTTP request and leaving the sessions as pending.
80f0fe49902311ea75c477567f657a32975c1b2748ff531e9beb69dc2473042cThe management interfaces of Citrix NetScaler SD-WAN physical appliances and virtual appliances suffer from command injection, information exposure, incorrect access control, IP spoofing, remote SQL injection, and directory traversal vulnerabilities.
e7627b90298023da272c5c16d0da665c56143382a6c2331b9af84784625a3870Silver Peak EdgeConnect version 8.1.4.9_65644 suffers from brute force, information leakage, cross site request forgery, cross site scripting, denial of service, default SNMP community string, and path traversal vulnerabilities.
b42452437467664a92247a8da4abc4bab26c4a029cebeb2baf14a4b90f2bc2ec
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed