CVSS: 7.5EPSS: 0%CPEs: 65EXPL: 0CVE-2020-5857
https://notcve.org/view.php?id=CVE-2020-5857
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, undisclosed HTTP behavior may lead to a denial of service. En BIG-IP versiones 15.0.0-15.0.1, 14.1.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5 y 11.5.2-11.6.5.1, un comportamiento HTTP no revelado puede conllevar a una denegación de servicio. • https://support.f5.com/csp/article/K70275209 •
CVSS: 5.9EPSS: 0%CPEs: 45EXPL: 2CVE-2013-3587
https://notcve.org/view.php?id=CVE-2013-3587
The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929. El protocolo HTTPS, como es usado en aplicaciones web no especificadas, puede cifrar datos comprimidos sin ofuscar apropiadamente la longitud de los datos no cifrados, facilitando a atacantes de tipo "man-in-the-middle" obtener valores secretos en texto plano al observar las diferencias de longitud durante una serie de adivinaciones en las que una cadena en una URL de peticiones HTTP coincide potencialmente con una cadena desconocida en un cuerpo de respuesta HTTP, también se conoce como ataque "BREACH", un problema diferente de CVE-2012-4929. • http://breachattack.com http://github.com/meldium/breach-mitigation-rails http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407 http://slashdot.org/story/13/08/05/233216 http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf http://www.kb.cert.org/vuls/id/987798 https://bugzilla.redhat.com/show_bug.cgi?id=995168 https://hackerone.com/reports/254895 https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1%40%3Cdev.httpd.apach • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 84EXPL: 0CVE-2020-5854
https://notcve.org/view.php?id=CVE-2020-5854
On BIG-IP 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.0-11.6.5.1, the tmm crashes under certain circumstances when using the connector profile if a specific sequence of connections are made. En BIG-IP versiones 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5 y 11.6.0-11.6.5.1, el tmm se bloquea en determinadas circunstancias cuando se usa el perfil connector si una secuencia específica de conexiones es realizada. • https://support.f5.com/csp/article/K50046200 •
CVSS: 7.5EPSS: 0%CPEs: 39EXPL: 0CVE-2020-5852
https://notcve.org/view.php?id=CVE-2020-5852
Undisclosed traffic patterns received may cause a disruption of service to the Traffic Management Microkernel (TMM). This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. This issue only impacts specific engineering hotfixes. NOTE: This vulnerability does not affect any of the BIG-IP major, minor or maintenance releases you obtained from downloads.f5.com. • https://support.f5.com/csp/article/K53590702 •
CVSS: 5.3EPSS: 0%CPEs: 77EXPL: 0CVE-2014-5209
https://notcve.org/view.php?id=CVE-2014-5209
An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information. Existe una vulnerabilidad de Divulgación de Información en los mensajes privados (modo 6/7) de NTP versión 4.2.7p25 por medio de un mensaje de control GET_RESTRICT, que podría permitir a un usuario malicioso obtener información confidencial. • https://exchange.xforce.ibmcloud.com/vulnerabilities/95841 https://support.f5.com/csp/article/K44942017 https://support.f5.com/csp/article/K44942017?utm_source=f5support&%3Butm_medium=RSS • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •