CVE-2016-7467

The TMM SSO plugin in F5 BIG-IP APM 12.0.0 – 12.1.1, 11.6.0 – 11.6.1 HF1, 11.5.4 – 11.5.4 HF2, when configured as a SAML Identity Provider with a Service Provider (SP) connector, might allow traffic to be disrupted or failover initiated when a malformed, signed SAML authentication request from an authenticated user is sent via the SP connector.

Leave a Reply