CVSS: 9.3EPSS: 3%CPEs: 25EXPL: 0CVE-2018-5504
https://notcve.org/view.php?id=CVE-2018-5504
22 Mar 2018 — In some circumstances, the Traffic Management Microkernel (TMM) does not properly handle certain malformed Websockets requests/responses, which allows remote attackers to cause a denial-of-service (DoS) or possible remote code execution on the F5 BIG-IP system running versions 13.0.0 - 13.1.0.3 or 12.1.0 - 12.1.3.1. En algunas circunstancias, el TMM (Traffic Management Microkernel) no gestiona correctamente algunas peticiones/respuestas Websockets mal formadas. Esto permite que atacantes remotos provoquen u... • http://www.securitytracker.com/id/1040558 •
CVSS: 7.8EPSS: 1%CPEs: 15EXPL: 0CVE-2018-5509
https://notcve.org/view.php?id=CVE-2018-5509
22 Mar 2018 — On F5 BIG-IP versions 13.0.0 or 12.1.0 - 12.1.3.1, when a specifically configured virtual server receives traffic of an undisclosed nature, TMM will crash and take the configured failover action, potentially causing a denial of service. The configuration which exposes this issue is not common and in general does not work when enabled in previous versions of BIG-IP. Starting in 12.1.0, BIG-IP will crash if the configuration which exposes this issue is enabled and the virtual server receives non TCP traffic. ... • http://www.securityfocus.com/bid/103504 • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 39EXPL: 0CVE-2018-5500
https://notcve.org/view.php?id=CVE-2018-5500
01 Mar 2018 — On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, every Multipath TCP (MCTCP) connection established leaks a small amount of memory. Virtual server using TCP profile with Multipath TCP (MCTCP) feature enabled will be affected by this issue. En sistemas F5 BIG-IP que ejecutan las versiones 13.0.0, 12.1.0 - 12.1.3.1 o 11.6.1 - 11.6.2, cada conexión Multipath TCP (MCTCP) que se establece filtra una pequeña cantidad de memoria. Los servidores virtuales que emplean el perfil TCP con la ... • http://www.securityfocus.com/bid/103217 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.9EPSS: 0%CPEs: 65EXPL: 0CVE-2018-5501
https://notcve.org/view.php?id=CVE-2018-5501
01 Mar 2018 — In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, any 11.6.x or 11.5.x release, or 11.2.1, TCP DNS profile allows excessive buffering due to lack of flow control. En algunas circunstancias, en sistemas F5 BIG-IP que ejecutan 13.0.0, 12.1.0 - 12.1.3.1, cualquier versión 11.6.x o 11.5.x o 11.2.1, el perfil TCP DNS permite el buffering excesivo debido a la falta de control de flujo. • http://www.securityfocus.com/bid/103211 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2017-6150
https://notcve.org/view.php?id=CVE-2017-6150
01 Mar 2018 — Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - 12.1.3.1, using FastL4 profiles, when the Reassemble IP Fragments option is disabled (default), some specific large fragmented packets may restart the Traffic Management Microkernel (TMM). Bajo ciertas condiciones para los sistemas F5 BIG-IP 13.0.0 o 12.1.0 - 12.1.3.1 que emplean perfiles FastL4, cuando la opción Reassemble IP Fragments está deshabilitada (por defecto), algunos paquetes grandes fragmentados podrían reiniciar el TMM (Traffic M... • http://www.securityfocus.com/bid/103235 • CWE-20: Improper Input Validation •
CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-6142
https://notcve.org/view.php?id=CVE-2017-6142
19 Jan 2018 — X509 certificate verification was not correctly implemented in the early access "user id" feature in the F5 BIG-IP Advanced Firewall Manager versions 13.0.0, 12.1.0-12.1.2, and 11.6.0-11.6.2, and thus did not properly validate the remote server's identity on certain versions of BIG-IP. No se implementó correctamente la versificación de certificados X509 en la característica de acceso temprano "user id" en F5 BIG-IP Advanced Firewall Manager, en versiones 13.0.0, 12.1.0-12.1.2 y 11.6.0-11.6.2 y, por lo tanto... • http://www.securitytracker.com/id/1040255 • CWE-295: Improper Certificate Validation •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-0304
https://notcve.org/view.php?id=CVE-2017-0304
21 Dec 2017 — A SQL injection vulnerability exists in the BIG-IP AFM management UI on versions 12.0.0, 12.1.0, 12.1.1, 12.1.2 and 13.0.0 that may allow a copy of the firewall rules to be tampered with and impact the Configuration Utility until there is a resync of the rules. Traffic processing and the live firewall rules in use are not affected. Existe una vulnerabilidad de inyección SQL en la interfaz de usuario de gestión de BIG-IP AFM en versiones 12.0.0, 12.1.0, 12.1.1, 12.1.2 y 13.0.0 que podría permitir que se mani... • http://www.securityfocus.com/bid/102332 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 2%CPEs: 88EXPL: 0CVE-2017-6132
https://notcve.org/view.php?id=CVE-2017-6132
21 Dec 2017 — In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 and 11.5.0 - 11.5.4, an undisclosed sequence of packets sent to BIG-IP High Availability state mirror listeners (primary and/or secondary IP) may cause TMM to restart. En F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM y Websafe, en versiones de software 13.0.0, de la 12.0.0 a la 12.1.2, de la 11.6.0 a la 11.6.1 y de la 11.5.0 a ... • http://www.securityfocus.com/bid/102333 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2017-6133
https://notcve.org/view.php?id=CVE-2017-6133
21 Dec 2017 — In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, undisclosed HTTP requests may cause a denial of service. En F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM y WebSafe, en versiones 13.0.0 y de la 12.1.0 a la 12.1.2, las peticiones HTTP no reveladas podrían provocar una denegación de servicio (DoS). • http://www.securityfocus.com/bid/102467 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 1%CPEs: 33EXPL: 0CVE-2017-6134
https://notcve.org/view.php?id=CVE-2017-6134
21 Dec 2017 — In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, 12.1.0 - 12.1.2 and 11.5.1 - 11.6.1, an undisclosed sequence of packets, sourced from an adjacent network may cause TMM to crash. En F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM y WebSafe, en versiones de software 13.0.0, de la 12.1.0 a la 12.1.2 y de la 11.5.1 a la 11.6.1, una secuencia de paquetes no revelada cuyo origen es una red adyacente podría hacer que ... • http://www.securityfocus.com/bid/102466 • CWE-20: Improper Input Validation •