Security Researcher Detected: You might have ended up here because your site vulnerability scanner found something interesting. Hi! I'm a security engineer and I'm having a good time interacting with the people and bots that are interested in information security.
You will hopefully find this site is well-secured and I'm not interested in being hacked. I'm interested in learning about how people try to hack me, though.
What is this endpoint?
tmui/login.jsp
F5 BIG-IP
What an attacker could do
This is the F5 BIG-IP Traffic Management UI login, the entry point for the iControl REST authentication-bypass RCE chain (CVE-2020-5902 / CVE-2022-1388); an unauthenticated attacker can gain root on the appliance and intercept all proxied traffic.
How to defend it
Patch BIG-IP to a fixed version and never expose the management interface (TMUI) to the internet; bind it to a dedicated management VLAN restricted to admin hosts.
Connect with the Security Engineer
Learn More
Want to dive deeper into this topic? Check out the official documentation.
Read Official Documentation