Certificate Revocation List (CRL) Download Failure Allows Revoked Certificate Validation in BIG-IP APM

Certificate Revocation List (CRL) Download Failure Allows Revoked Certificate Validation in BIG-IP APM

CVE-2018-15326 · MEDIUM Severity

AV:N/AC:M/AU:S/C:P/I:P/A:P

In some situations on BIG-IP APM 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.2, the CRLDP Auth access policy agent may treat revoked certificates as valid when the BIG-IP APM system fails to download a new Certificate Revocation List.

Learn more about our Web Application Penetration Testing UK.