A security flaw in the F5 Networks’ BIG-IP load balancer, which is popular among governments, banks, and other large corporations, could be exploited to allow network access. F-Secure senior security consultant Christoffer Jerkeby has discovered the issue in the Tcl programming language that BIG-IP's iRules (the feature that BIG-IP uses to direct incoming web traffic) are written in. Certain coding practices allow attackers to inject arbitrary Tcl commands, which could be executed in the security context of the target Tcl script. "This configuration issue is really quite severe because it's stealthy enough for an attacker to get in, achieve a… [Continue Reading]
Continue reading...
Continue reading...