CVSS: 5.9EPSS: 0%CPEs: 65EXPL: 0CVE-2016-7468
https://notcve.org/view.php?id=CVE-2016-7468
An unauthenticated remote attacker may be able to disrupt services on F5 BIG-IP 11.4.1 - 11.5.4 devices with maliciously crafted network traffic. This vulnerability affects virtual servers associated with TCP profiles when the BIG-IP system's tm.tcpprogressive db variable value is set to non-default setting "enabled". The default value for the tm.tcpprogressive db variable is "negotiate". An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group. Un atacante remoto no autenticado puede ser capaz de interrumpir los servicios en los dispositivos F5 BIG-IP 11.4.1 - 11.5.4 con con tráfico red maliciosamente manipulado. • http://www.securityfocus.com/bid/97119 http://www.securitytracker.com/id/1038121 https://support.f5.com/csp/article/K13053402 • CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 0%CPEs: 80EXPL: 0CVE-2016-6249
https://notcve.org/view.php?id=CVE-2016-6249
F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log. It may allow local users to obtain sensitive information by reading these files. peticiones F5 BIG-IP 12.0.0 y 11.5.0 - 11.6.1 REST que expiran durante la autenticación de una cuenta de usuario pueden registrar atributos sensibles como contraseñas en plaintext para /var/log/restjavad.0.log. Esto puede permitir a usuarios locales obtener información sensible al leer estos archivos. • http://www.securitytracker.com/id/1037873 https://support.f5.com/csp/article/K12685114 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 95%CPEs: 115EXPL: 2CVE-2016-9244 – F5 BIG-IP SSL Virtual Server - 'Ticketbleed' Memory Disclosure
https://notcve.org/view.php?id=CVE-2016-9244
A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer (SSL) session IDs from other sessions. It is possible that other data from uninitialized memory may be returned as well. Un servidor virtual BIG-IP configurado con un perfil Client SSL que tiene la opción Session Tickets no predeterminada habilitada podría perder hasta 31 portes de la memoria no inicializada. Un atacante remoto puede explotar esta vulnerabilidad para obtener los IDs de sesión Secure Sockets Layer (SSL) de otras sesiones. • https://www.exploit-db.com/exploits/41298 https://www.exploit-db.com/exploits/44446 http://packetstormsecurity.com/files/141017/Ticketbleed-F5-TLS-Information-Disclosure.html http://www.securityfocus.com/bid/96143 http://www.securitytracker.com/id/1037800 https://blog.filippo.io/finding-ticketbleed https://filippo.io/Ticketbleed https://github.com/0x00string/oldays/blob/master/CVE-2016-9244.py https://support.f5.com/csp/article/K05121675 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 5%CPEs: 67EXPL: 0CVE-2016-5700
https://notcve.org/view.php?id=CVE-2016-5700
Virtual servers in F5 BIG-IP systems 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2, when configured with the HTTP Explicit Proxy functionality or SOCKS profile, allow remote attackers to modify the system configuration, read system files, and possibly execute arbitrary code via unspecified vectors. Servidores virtuales en sistemas F5 BIG-IP 11.5.0, 11.5.1 en versiones anteriores a HF11, 11.5.2, 11.5.3, 11.5.4 en versiones anteriores a HF2, 11.6.0 en versiones anteriores a HF8, 11.6.1 en versiones anteriores a HF1, 12.0.0 en versiones anteriores a HF4 y 12.1.0 en versiones anteriores a HF2, cuando está configurado con la funcionalidad HTTP Explicit Proxy o perfil SOCKS, permiten a atacantes remotos modificar la configuración del sistema, leer archivos del sistema y posiblemente ejecutar código arbitrario a través de vectores no especificados. • http://www.securityfocus.com/bid/93325 http://www.securitytracker.com/id/1036928 https://support.f5.com/kb/en-us/solutions/public/k/35/sol35520031.html • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 128EXPL: 0CVE-2016-6876
https://notcve.org/view.php?id=CVE-2016-6876
The RESOLV::lookup iRule command in F5 BIG-IP LTM, APM, ASM, and Link Controller 10.2.1 through 10.2.4, 11.2.1, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.0.0 before HF3; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.0.0 before HF3; BIG-IP Analytics 11.2.1, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.0.0 before HF3; BIG-IP DNS 12.0.0 before HF3; BIG-IP Edge Gateway, WebAccelerator, and WOM 10.2.1 through 10.2.4 and 11.2.1; BIG-IP GTM 10.2.1 through 10.2.4, 11.2.1, 11.4.x, 11.5.x before 11.5.4 HF2, and 11.6.x before 11.6.1; and BIG-IP PSM 10.2.1 through 10.2.4 and 11.4.0 through 11.4.1 allows remote DNS servers to cause a denial of service (CPU consumption or Traffic Management Microkernel crash) via a crafted PTR response. El comando RESOLV::lookup iRule en F5 BIG-IP LTM, APM, ASM y Link Controller 10.2.1 hasta la versión 10.2.4, 11.2.1, 11.4.x, 11.5.x en versiones anteriores a 11.5.4 HF2, 11.6.x en versiones anteriores a 11.6.1 y 12.0.0 en versiones anteriores a HF3; BIG-IP AAM, AFM y PEM 11.4.x, 11.5.x en versiones anteriores a 11.5.4 HF2, 11.6.x en versiones anteriores a 11.6.1 y 12.0.0 en versiones anteriores a HF3; BIG-IP Analytics 11.2.1, 11.4.x, 11.5.x en versiones anteriores a 11.5.4 HF2, 11.6.x en versiones anteriores a 11.6.1 y 12.0.0 en versiones anteriores a HF3; BIG-IP DNS 12.0.0 en versiones anteriores a HF3; BIG-IP Edge Gateway, WebAccelerator y WOM 10.2.1 hasta la versión 10.2.4 y 11.2.1; BIG-IP GTM 10.2.1 hasta la versión 10.2.4, 11.2.1, 11.4.x, 11.5.x en versiones anteriores a 11.5.4 HF2 y 11.6.x en versiones anteriores a 11.6.1; y BIG-IP PSM 10.2.1 hasta la versión 10.2.4 y 11.4.0 hasta la versión 11.4.1 permite a servidores DNS remotos provocar una denegación de servicio (consumo de CPU o caída de Traffic Management Microkernel) a través de una respuesta PTR manipulada. • http://www.securitytracker.com/id/1036725 https://support.f5.com/kb/en-us/solutions/public/k/52/sol52638558.html • CWE-399: Resource Management Errors •