CVSS: 5.5EPSS: 0%CPEs: 123EXPL: 0CVE-2016-7474
https://notcve.org/view.php?id=CVE-2016-7474
In some cases the MCPD binary cache in F5 BIG-IP devices may allow a user with Advanced Shell access, or privileges to generate a qkview, to temporarily obtain normally unrecoverable information. En algunos casos la caché binaria MCPD en dispositivos F5 BIG-IP pueden permitir a un usuario con acceso Advanced Shell, o privilegios generar un qkview, para obtener temporalmente información normalmente irrecuperable. • http://www.securityfocus.com/bid/97198 http://www.securitytracker.com/id/1038133 https://support.f5.com/csp/article/K52180214 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 30EXPL: 0CVE-2016-9245
https://notcve.org/view.php?id=CVE-2016-9245
In F5 BIG-IP systems 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default "Normalize URI" configuration options used in iRules and/or BIG-IP LTM policies. An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group. En sistemas F5 BIG-IP 12.1.0 - 12.1.2, solicitudes maliciosas realizadas a servidores virtuales con un perfil HTTP pueden provocar que el TMM se reinicie. • http://www.securityfocus.com/bid/96471 http://www.securitytracker.com/id/1037964 https://support.f5.com/csp/article/K22216037 • CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 0%CPEs: 80EXPL: 0CVE-2016-6249
https://notcve.org/view.php?id=CVE-2016-6249
F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log. It may allow local users to obtain sensitive information by reading these files. peticiones F5 BIG-IP 12.0.0 y 11.5.0 - 11.6.1 REST que expiran durante la autenticación de una cuenta de usuario pueden registrar atributos sensibles como contraseñas en plaintext para /var/log/restjavad.0.log. Esto puede permitir a usuarios locales obtener información sensible al leer estos archivos. • http://www.securitytracker.com/id/1037873 https://support.f5.com/csp/article/K12685114 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 30EXPL: 0CVE-2016-9249
https://notcve.org/view.php?id=CVE-2016-9249
An undisclosed traffic pattern received by a BIG-IP Virtual Server with TCP Fast Open enabled may cause the Traffic Management Microkernel (TMM) to restart, resulting in a Denial-of-Service (DoS). Un patrón de tráfico no revelado recibido por un servidor virtual BIG-IP con TCP Fast Open habilitado puede provocar el reinicio de Traffic Management Microkernel (TMM), resultando en una Denegación de Servicio (DoS). • http://www.securityfocus.com/bid/95825 http://www.securitytracker.com/id/1037715 https://support.f5.com/csp/article/K71282001 • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 20EXPL: 0CVE-2016-9247
https://notcve.org/view.php?id=CVE-2016-9247
Under certain conditions for BIG-IP systems using a virtual server with an associated FastL4 profile and TCP analytics profile, a specific sequence of packets may cause the Traffic Management Microkernel (TMM) to restart. Bajo ciertas condiciones para sistemas BIG-IP que utilizan un servidor virtual con un perfil asociado FastL4 y un perfil de análisis TCP, una secuencia especifica de paquetes podría provocar que el Traffic Management Microkernel (TMM) se reinicie. • http://www.securityfocus.com/bid/95405 http://www.securitytracker.com/id/1037581 https://support.f5.com/csp/#/article/K33500120 • CWE-20: Improper Input Validation •