DETECTION OVERVIEW
Risk Factors
F5 BIG-IP devices are typically internet-facing and this vulnerability has been exploited by threat actors. Public exploit code is available, enabling unauthenticated attackers to gain full administrator privileges, control of a BIG-IP device, and launch additional attacks on the network.
Kill Chain
Risk Score
92
BIG-IP is a collection of hardware and software solutions that direct traffic across a network. BIG-IP appliances provide a Configuration Utility web interface known as the Traffic Management User Interface (TMUI). TMUI forwards HTTP requests to its back end over the Apache JServ Protocol (AJP). A request smuggling vulnerability in TMUI causes HTTP requests passed between the Apache HTTP front-end server and the AJP back-end server to be mishandled, leading to authentication bypass. To exploit it, the attacker sends an HTTP POST request to a URL containing /tmui/login.jsp with a manipulated Transfer-Encoding header and a malicious AJP message in the POST body. TMUI forwards the POST request, including the smuggled AJP message, to the back-end server, which interprets the AJP message in the body as a second forwarded POST request. Once this succeeds, the attacker can chain several requests together to eventually send an HTTP POST request to the /mgmt/tm/util/bash endpoint, which leads to remote code execution.
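As an added example (not code from the original page or from F5), the detection logic below looks for the two-stage chain described above in HTTP logs: a POST to /tmui/login.jsp carrying a Transfer-Encoding header, followed from the same source by a POST to /mgmt/tm/util/bash. The Zeek-style field names, the constructed sample records, the five-minute window, and treating any Transfer-Encoding header on a login POST as the stage-one signal are all assumptions.

```python
import json
from typing import Dict, List

# Constructed sample HTTP log records with Zeek-like field names; not real traffic.
# Source 203.0.113.5 shows the full chain; 198.51.100.7 is a normal form login
# followed by a legitimate-looking REST call and must not raise an alert.
SAMPLE_LOGS = [
    '{"ts":100,"id.orig_h":"203.0.113.5","method":"POST","uri":"/tmui/login.jsp","transfer_encoding":"chunked, chunked","request_body_len":612}',
    '{"ts":101,"id.orig_h":"203.0.113.5","method":"POST","uri":"/mgmt/tm/util/bash","transfer_encoding":"","request_body_len":88}',
    '{"ts":102,"id.orig_h":"198.51.100.7","method":"POST","uri":"/tmui/login.jsp","transfer_encoding":"","request_body_len":64}',
    '{"ts":103,"id.orig_h":"198.51.100.7","method":"POST","uri":"/mgmt/tm/util/bash","transfer_encoding":"","request_body_len":40}',
]

LOGIN_PATH = "/tmui/login.jsp"
BASH_PATH = "/mgmt/tm/util/bash"
WINDOW_SECONDS = 300  # assumption: the chained requests arrive within five minutes


def _path(rec: Dict) -> str:
    """Strip any query string so matching is on the path alone."""
    return rec["uri"].split("?", 1)[0]


def is_suspicious_login_post(rec: Dict) -> bool:
    """Stage 1: a POST to the login page that carries any Transfer-Encoding header.
    A normal form login is sent with Content-Length, so the presence of the
    header (not its exact value) is used here as the smuggling signal."""
    return (rec["method"] == "POST" and _path(rec) == LOGIN_PATH
            and rec.get("transfer_encoding", "") != "")


def detect_chain(log_lines: List[str]) -> List[Dict]:
    """Return one alert per source that issues a suspicious login POST and then,
    within WINDOW_SECONDS, a POST to the bash utility endpoint. The bash endpoint
    on its own is legitimate administrative use, so stage 1 is required first."""
    records = sorted((json.loads(line) for line in log_lines), key=lambda r: r["ts"])
    stage1: Dict[str, float] = {}   # source address -> ts of its last suspicious login POST
    alerts: List[Dict] = []
    for rec in records:
        src = rec["id.orig_h"]
        if is_suspicious_login_post(rec):
            stage1[src] = rec["ts"]
        elif rec["method"] == "POST" and _path(rec) == BASH_PATH:
            seen = stage1.pop(src, None)
            if seen is not None and rec["ts"] - seen <= WINDOW_SECONDS:
                alerts.append({"src": src, "login_ts": seen, "bash_ts": rec["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_chain(SAMPLE_LOGS):
        print(f"possible TMUI smuggling chain from {alert['src']}: "
              f"login POST at {alert['login_ts']}, bash POST at {alert['bash_ts']}")
```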