Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-5539

Summary
Assigner-f5
Assigner Org ID-9dacffd4-cb11-413f-8451-fbbfd4ddc0ab
Published At-25 Jul, 2018 | 14:00
Updated At-16 Sep, 2024 | 17:54
Rejected At-
Credits

Under certain conditions, on F5 BIG-IP ASM 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, 11.5.1-11.5.6, or 11.2.1, when processing CSRF protections, the BIG-IP ASM bd process may restart and produce a core file.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:f5
Assigner Org ID:9dacffd4-cb11-413f-8451-fbbfd4ddc0ab
Published At:25 Jul, 2018 | 14:00
Updated At:16 Sep, 2024 | 17:54
Rejected At:
▼CVE Numbering Authority (CNA)

Under certain conditions, on F5 BIG-IP ASM 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, 11.5.1-11.5.6, or 11.2.1, when processing CSRF protections, the BIG-IP ASM bd process may restart and produce a core file.

Affected Products
Vendor
F5, Inc.F5 Networks, Inc.
Product
BIG-IP (ASM)
Versions
Affected
  • 13.0.0-13.1.0.7
  • 12.1.0-12.1.3.5
  • 11.6.0-11.6.3.1
  • 11.5.1-11.5.6
  • 11.2.1
Problem Types
TypeCWE IDDescription
textN/ADoS
Type: text
CWE ID: N/A
Description: DoS
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/104921
vdb-entry
x_refsource_BID
https://support.f5.com/csp/article/K75432956
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/104921
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://support.f5.com/csp/article/K75432956
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/104921
vdb-entry
x_refsource_BID
x_transferred
https://support.f5.com/csp/article/K75432956
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/104921
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://support.f5.com/csp/article/K75432956
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:f5sirt@f5.com
Published At:25 Jul, 2018 | 14:29
Updated At:24 Aug, 2020 | 17:37

Under certain conditions, on F5 BIG-IP ASM 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, 11.5.1-11.5.6, or 11.2.1, when processing CSRF protections, the BIG-IP ASM bd process may restart and produce a core file.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.5HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.0
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
F5, Inc.
f5
>>big-ip_application_security_manager>>Versions from 11.5.1(inclusive) to 11.5.6(inclusive)
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
F5, Inc.
f5
>>big-ip_application_security_manager>>Versions from 11.6.1(inclusive) to 11.6.3(inclusive)
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
F5, Inc.
f5
>>big-ip_application_security_manager>>Versions from 12.1.0(inclusive) to 12.1.3(inclusive)
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
F5, Inc.
f5
>>big-ip_application_security_manager>>Versions from 13.0.0(inclusive) to 13.1.0(inclusive)
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
F5, Inc.
f5
>>big-ip_application_security_manager>>11.2.1
cpe:2.3:a:f5:big-ip_application_security_manager:11.2.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/104921f5sirt@f5.com
Third Party Advisory
VDB Entry
https://support.f5.com/csp/article/K75432956f5sirt@f5.com
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/104921
Source: f5sirt@f5.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://support.f5.com/csp/article/K75432956
Source: f5sirt@f5.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

174Records found
CVE-2019-6659
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.90% / 74.70%
||
7 Day CHG~0.00%
Published-15 Nov, 2019 | 20:27
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On version 14.0.0-14.1.0.1, BIG-IP virtual servers with TLSv1.3 enabled may experience a denial of service due to undisclosed incoming messages.

Action-Not Available
Vendor-n/aF5, Inc.
Product-big-ip_edge_gatewaybig-ip_webacceleratorbig-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP
CVE-2019-6619
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.74% / 72.04%
||
7 Day CHG~0.00%
Published-03 May, 2019 | 19:35
Updated-04 Aug, 2024 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, the Traffic Management Microkernel (TMM) may restart when a virtual server has an HTTP/2 profile with Application Layer Protocol Negotiation (ALPN) enabled and it processes traffic where the ALPN extension size is zero.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_webacceleratorbig-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_local_traffic_managerbig-ip_access_policy_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP (LTM, AAM, AFM, APM, ASM, Link Controller, PEM, WebAccelerator)
CVE-2019-6686
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.87% / 74.26%
||
7 Day CHG~0.00%
Published-23 Dec, 2019 | 17:14
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, the Traffic Management Microkernel (TMM) might stop responding after the total number of diameter connections and pending messages on a single virtual server has reached 32K.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_local_traffic_managerBIG-IP
CVE-2019-6660
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.89% / 74.62%
||
7 Day CHG~0.00%
Published-15 Nov, 2019 | 20:31
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On BIG-IP 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.1, undisclosed HTTP requests may consume excessive amounts of systems resources which may lead to a denial of service.

Action-Not Available
Vendor-n/aF5, Inc.
Product-big-ip_edge_gatewaybig-ip_webacceleratorbig-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-6603
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.89% / 74.62%
||
7 Day CHG~0.00%
Published-28 Mar, 2019 | 20:13
Updated-04 Aug, 2024 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, and 13.0.0-13.0.1, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. The control plane is not exposed to this issue. This issue impacts the data plane virtual servers and self IPs.

Action-Not Available
Vendor-BIG-IPF5, Inc.
Product-big-ip_edge_gatewaybig-ip_webacceleratorbig-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_local_traffic_managerbig-ip_access_policy_managerbig-ip_analyticsbig-ip_advanced_firewall_managerbig-ip_protocol_security_managerbig-ip_application_security_managerBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)
CVE-2019-6605
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.89% / 74.62%
||
7 Day CHG~0.00%
Published-28 Mar, 2019 | 20:23
Updated-04 Aug, 2024 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, and 12.0.x, an undisclosed sequence of packets received by an SSL virtual server and processed by an associated Client SSL or Server SSL profile may cause a denial of service.

Action-Not Available
Vendor-BIG-IPF5, Inc.
Product-big-ip_edge_gatewaybig-ip_webacceleratorbig-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_local_traffic_managerbig-ip_access_policy_managerbig-ip_analyticsbig-ip_advanced_firewall_managerbig-ip_protocol_security_managerbig-ip_application_security_managerBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)
CVE-2019-6666
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.89% / 74.62%
||
7 Day CHG~0.00%
Published-27 Nov, 2019 | 21:54
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, and 13.1.0-13.1.1.4, the TMM process may produce a core file when an upstream server or cache sends the BIG-IP an invalid age header value.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_edge_gatewaybig-ip_webacceleratorbig-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP
CVE-2019-11479
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-5.3||MEDIUM
EPSS-13.51% / 93.96%
||
7 Day CHG~0.00%
Published-18 Jun, 2019 | 23:34
Updated-16 Sep, 2024 | 23:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363.

Action-Not Available
Vendor-Canonical Ltd.Red Hat, Inc.Linux Kernel Organization, IncF5, Inc.
Product-ubuntu_linuxbig-ip_webacceleratorbig-ip_application_acceleration_managerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_serviceenterprise_linuxvirtualization_hostbig-ip_global_traffic_managerbig-ip_local_traffic_managerbig-ip_analyticsbig-ip_domain_name_systemiworkflowbig-ip_application_security_managerbig-ip_edge_gatewaylinux_kernelbig-ip_link_controllerbig-iq_centralized_managemententerprise_managerbig-ip_access_policy_managertraffix_signaling_delivery_controllerbig-ip_advanced_firewall_managerLinux kernel
CWE ID-CWE-405
Asymmetric Resource Consumption (Amplification)
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2010-2266
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-10.17% / 92.83%
||
7 Day CHG~0.00%
Published-14 Jun, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.

Action-Not Available
Vendor-n/aF5, Inc.
Product-nginxn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-5512
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-2.23% / 83.86%
||
7 Day CHG~0.00%
Published-02 May, 2018 | 13:00
Updated-16 Sep, 2024 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On F5 BIG-IP 13.1.0-13.1.0.5, when Large Receive Offload (LRO) and SYN cookies are enabled (default settings), undisclosed traffic patterns may cause TMM to restart.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_edge_gatewaybig-ip_webacceleratorbig-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_global_traffic_managerbig-ip_local_traffic_managerbig-ip_access_policy_managerbig-ip_analyticsbig-ip_domain_name_systembig-ip_websafebig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe)
CVE-2018-5743
Matching Score-8
Assigner-Internet Systems Consortium (ISC)
ShareView Details
Matching Score-8
Assigner-Internet Systems Consortium (ISC)
CVSS Score-7.5||HIGH
EPSS-1.50% / 80.44%
||
7 Day CHG~0.00%
Published-09 Oct, 2019 | 14:17
Updated-17 Sep, 2024 | 02:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Limiting simultaneous TCP clients was ineffective

By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.

Action-Not Available
Vendor-F5, Inc.Internet Systems Consortium, Inc.
Product-big-ip_webacceleratorbig-ip_application_acceleration_managerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_local_traffic_managerbig-ip_analyticsbig-ip_domain_name_systemiworkflowbig-ip_application_security_managerbig-ip_edge_gatewaybig-ip_link_controllerbig-iq_centralized_managemententerprise_managerbig-ip_access_policy_managerbindbig-ip_advanced_firewall_managerBIND 9
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2018-5534
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.75% / 72.16%
||
7 Day CHG~0.00%
Published-19 Jul, 2018 | 14:00
Updated-16 Sep, 2024 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Under certain conditions on F5 BIG-IP 13.1.0-13.1.0.5, 13.0.0, 12.1.0-12.1.3.1, 11.6.0-11.6.3.1, or 11.5.0-11.5.6, TMM may core while processing SSL forward proxy traffic.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_edge_gatewaybig-ip_webacceleratorbig-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_local_traffic_managerbig-ip_access_policy_managerbig-ip_analyticsbig-ip_domain_name_systembig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)
CWE ID-CWE-20
Improper Input Validation
CVE-2022-29479
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.87% / 74.26%
||
7 Day CHG~0.00%
Published-05 May, 2022 | 16:45
Updated-17 Sep, 2024 | 01:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, and F5 BIG-IQ Centralized Management all versions of 8.x and 7.x, when an IPv6 self IP address is configured and the ipv6.strictcompliance database key is enabled (disabled by default) on a BIG-IP system, undisclosed packets may cause decreased performance. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-iq_centralized_managementbig-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IQ Centralized ManagementBIG-IP
CWE ID-CWE-20
Improper Input Validation
CVE-2016-9252
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-1.20% / 78.04%
||
7 Day CHG~0.00%
Published-27 Mar, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Traffic Management Microkernel (TMM) in F5 BIG-IP before 11.5.4 HF3, 11.6.x before 11.6.1 HF2 and 12.x before 12.1.2 does not properly handle minimum path MTU options for IPv6, which allows remote attackers to cause a denial-of-service (DoS) through unspecified vectors.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_domain_name_systembig-ip_application_security_managerbig-ip_advanced_firewall_managerbig-ip_local_traffic_managerbig-ip_application_acceleration_managerbig-ip_websafebig-ip_link_controllerbig-ip_global_traffic_managerbig-ip_policy_enforcement_managerbig-ip_webacceleratorbig-ip_analyticsbig-ip_edge_gatewaybig-ip_access_policy_managerbig-ip_protocol_security_moduleF5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WebSafe
CVE-2020-5857
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.89% / 74.62%
||
7 Day CHG~0.00%
Published-27 Mar, 2020 | 14:20
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, undisclosed HTTP behavior may lead to a denial of service.

Action-Not Available
Vendor-n/aF5, Inc.
Product-big-ip_edge_gatewaybig-ip_webacceleratorbig-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP
CVE-2020-5931
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.89% / 74.62%
||
7 Day CHG~0.00%
Published-29 Oct, 2020 | 15:17
Updated-04 Aug, 2024 | 08:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On BIG-IP 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, Virtual servers with a OneConnect profile may incorrectly handle WebSockets related HTTP response headers, causing TMM to restart.

Action-Not Available
Vendor-n/aF5, Inc.
Product-big-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP
CVE-2020-5941
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.65% / 69.81%
||
7 Day CHG~0.00%
Published-05 Nov, 2020 | 19:18
Updated-04 Aug, 2024 | 08:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On BIG-IP versions 16.0.0-16.0.0.1 and 15.1.0-15.1.0.5, using the RESOLV::lookup command within an iRule may cause the Traffic Management Microkernel (TMM) to generate a core file and restart. This issue occurs when data exceeding the maximum limit of a hostname passes to the RESOLV::lookup command.

Action-Not Available
Vendor-n/aF5, Inc.
Product-big-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP
CVE-2020-5875
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.65% / 69.81%
||
7 Day CHG~0.00%
Published-30 Apr, 2020 | 20:27
Updated-04 Aug, 2024 | 08:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On BIG-IP 15.0.0-15.0.1 and 14.1.0-14.1.2.3, under certain conditions, the Traffic Management Microkernel (TMM) may generate a core file and restart while processing SSL traffic with an HTTP/2 full proxy.

Action-Not Available
Vendor-n/aF5, Inc.
Product-big-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP
CVE-2019-6676
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.89% / 74.62%
||
7 Day CHG~0.00%
Published-23 Dec, 2019 | 16:41
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On versions 15.0.0-15.0.1, 14.0.0-14.1.2.2, and 13.1.0-13.1.3.1, TMM may restart on BIG-IP Virtual Edition (VE) when using virtio direct descriptors and packets 2 KB or larger.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_edge_gatewaybig-ip_webacceleratorbig-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP
CVE-2019-6643
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.58% / 67.84%
||
7 Day CHG~0.00%
Published-04 Sep, 2019 | 17:16
Updated-04 Aug, 2024 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4.1, and 11.5.2-11.6.4, an attacker sending specifically crafted DHCPv6 requests through a BIG-IP virtual server configured with a DHCPv6 profile may be able to cause the TMM process to produce a core file.

Action-Not Available
Vendor-n/aF5, Inc.
Product-big-ip_edge_gatewaybig-ip_webacceleratorbig-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_local_traffic_managerbig-ip_access_policy_managerbig-ip_analyticsbig-ip_domain_name_systembig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP
CVE-2019-6677
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.89% / 74.62%
||
7 Day CHG~0.00%
Published-23 Dec, 2019 | 16:50
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, under certain conditions when using custom TCP congestion control settings in a TCP profile, TMM stops processing traffic when processed by an iRule.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP
CVE-2019-6645
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.78% / 72.71%
||
7 Day CHG~0.00%
Published-04 Sep, 2019 | 15:40
Updated-04 Aug, 2024 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On BIG-IP 14.0.0-14.1.0.5, 13.0.0-13.1.2, 12.1.0-12.1.4.1, 11.5.2-11.6.4, FTP traffic passing through a Virtual Server with both an active FTP profile associated and connection mirroring configured may lead to a TMM crash causing the configured HA action to be taken.

Action-Not Available
Vendor-n/aF5, Inc.
Product-big-ip_edge_gatewaybig-ip_webacceleratorbig-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_local_traffic_managerbig-ip_access_policy_managerbig-ip_analyticsbig-ip_domain_name_systembig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP
CVE-2019-6631
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-1.07% / 76.85%
||
7 Day CHG~0.00%
Published-03 Jul, 2019 | 17:54
Updated-04 Aug, 2024 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On BIG-IP 11.5.1-11.6.4, iRules performing HTTP header manipulation may cause an interruption to service when processing traffic handled by a Virtual Server with an associated HTTP profile, in specific circumstances, when the requests do not strictly conform to RFCs.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_edge_gatewaybig-ip_webacceleratorbig-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_global_traffic_managerbig-ip_local_traffic_managerbig-ip_access_policy_managerbig-ip_analyticsbig-ip_domain_name_systembig-ip_websafebig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP
CVE-2016-7472
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-9.12% / 92.35%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 13:00
Updated-17 Sep, 2024 | 01:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

F5 BIG-IP ASM version 12.1.0 - 12.1.1 may allow remote attackers to cause a denial of service (DoS) via a crafted HTTP request.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_application_security_managerBIG-IP ASM
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found