Last Modified: Oct 07, 2023
Affected Product(s):
BIG-IP TMOS
Known Affected Versions:
12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1
Fixed In:
14.1.0, 13.1.0
Opened: Oct 04, 2016 Severity: 3-Major
When the BIG-IP system is configured to redirect HTTP to HTTPS, iControl SOAP and iControl REST API calls are erroneously accepted on port 80 (in addition to 443).
iControl SOAP and iControl REST calls are accepted on an unencrypted port. API calls still require authentication, but results are not encrypted.
The BIG-IP has 'Redirect HTTP to HTTPS' enabled.
None.
HTTP to HTTPS TMUI redirection no longer erroneously allows HTTP access to iControl SOAP and iControl REST.