This Week In Security: F5, Novel Ransomware, Freta, And Database Woes

The big story of the last week is a problem in F5’s BIG-IP devices. A rather trivial path traversal vulnerability allows an unauthenticated user to call endpoints that are intended to be restricted to authenticated users. That attack can apparently be as simple as: ‘https://[F5 Host]/tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command=list+auth+user+admin’ A full exploit has…
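
A log check for the request shape quoted above, as an added example that is not from the original article or from F5: it flags access-log requests whose path contains a ".." segment carrying a ";" path parameter, and it also decodes percent-encoded variants, which goes beyond the single URL shown. The log format, the sample lines and the function names are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in a common access-log layout; IPs and times are made up.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:01:02 +0000] "GET /tmui/login.jsp HTTP/1.1" 200 5120
198.51.100.9 - - [01/Jan/2024:10:01:05 +0000] "GET /tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command=list+auth+user+admin HTTP/1.1" 200 310
203.0.113.4 - - [01/Jan/2024:10:02:11 +0000] "GET /tmui/login.jsp/%2e%2e%3b/tmui/locallb/workspace/tmshCmd.jsp HTTP/1.1" 200 298
203.0.113.8 - - [01/Jan/2024:10:03:40 +0000] "GET /docs/a;v=1/index.html HTTP/1.1" 200 900
"""

# client address, request target, status code
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:[A-Z]+) (\S+) HTTP/[\d.]+" (\d{3})')


def decoded_path(target, rounds=3):
    """Return the path part of a request target, percent-decoded until stable."""
    path = target.split("?", 1)[0]
    for _ in range(rounds):  # bounded, so nested encoding cannot loop forever
        nxt = unquote(path)
        if nxt == path:
            break
        path = nxt
    return path


def is_traversal(target):
    """True when a path segment is '..' followed by a ';' path parameter."""
    for segment in decoded_path(target).split("/"):
        if ";" in segment and segment.split(";", 1)[0] == "..":
            return True
    return False


def scan(log_text):
    """Return (client, target, status) for every log line that matches."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if m and is_traversal(m.group(2)):
            hits.append((m.group(1), m.group(2), int(m.group(3))))
    return hits


if __name__ == "__main__":
    for client, target, status in scan(SAMPLE_LOG):
        print(f"{client} {status} {target}")
```

A 200 status on a flagged line means the request was answered rather than rejected, so those lines are the ones to triage first.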
