F5 fixes critical BIG-IP vulnerability (CVE-2023-46747)
Help Net Security www.helpnetsecurity.com
F5 Networks has released hotfixes for three vulnerabilities affecting its BIG-IP multi-purpose networking devices/modules, including a critical authentication bypass vulnerability (CVE-2023-46747) that could lead to unauthenticated remote code execution (RCE).

About CVE-2023-46747

Discovered and reported by Thomas Hendrickson and Michael Weber of Praetorian Security, CVE-2023-46747 is a request smuggling bug in the Apache JServ Protocol (AJP) used by the vulnerable devices. “This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system …