writeups.xyz / Refresh: Compromising F5 BIG-IP With Request Smuggling | CVE-2023-46747

Submitter : c2a

Date: 26 October 2023

Bounty : undisclosed

Vulnerabilities :

• HTTP Request Smuggling
• Authentication Bypass
• RCE
• Apache JServ Protocol (AJP)

Programs :

• F5

Authors :

• Michael Weber (@BouncyHat)
• Thomas Hendrickson

Link :
https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/