CVE-2021-23007
https://notcve.org/view.php?id=CVE-2021-23007
On BIG-IP versions 14.1.4 and 16.0.1.1, when the Traffic Management Microkernel (TMM) process handles certain undisclosed traffic, it may start dropping all fragmented IP traffic. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. En BIG-IP versiones 14.1.4 y 16.0.1.1, cuando el proceso Traffic Management Microkernel (TMM) maneja cierto tráfico no revelado, puede comenzar a eliminar todo el tráfico IP fragmentado. Nota: No se evalúan las versiones de software que han alcanzado End of Software Development (EoSD). • https://support.f5.com/csp/article/K37451543 •
CVE-2021-23004
https://notcve.org/view.php?id=CVE-2021-23004
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, Multipath TCP (MPTCP) forwarding flows may be created on standard virtual servers without MPTCP enabled in the applied TCP profile. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. En BIG-IP versiones 16.0.x anteriores a 16.0.1.1, versiones 15.1.x anteriores a 15.1.2, versiones 14.1.x anteriores a 14.1.3.1, versiones 13.1.x anteriores a 13.1.3.6, versiones 12.1.x anteriores a 12.1.5.3 y versiones 11.6.x anteriores a 11.6.5.3, Los flujos de reenvío de Multipath TCP (MPTCP) se pueden crear en servidores virtuales estándar sin MPTCP habilitado en el perfil de TCP aplicado. Nota: No se evalúan las versiones de software que han alcanzado End of Software Development (EoSD). • https://support.f5.com/csp/article/K31025212 •
CVE-2021-23001
https://notcve.org/view.php?id=CVE-2021-23001
On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, the upload functionality in BIG-IP Advanced WAF and BIG-IP ASM allows an authenticated user to upload files to the BIG-IP system using a call to an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. En las versiones 16.0.x anteriores a 16.0.1.1, versiones 15.1.x anteriores a 15.1.2.1, versiones 14.1.x anteriores a 14.1.4, versiones 13.1.x anteriores a 13.1.3.6, versiones 12.1.x anteriores a 12.1.5.3 y versiones 11.6.x anteriores a 11.6.5.3 , la funcionalidad de carga en BIG-IP Advanced WAF y BIG-IP ASM permite a un usuario autenticado cargar archivos al sistema BIG-IP mediante una llamada a un endpoint iControl REST no revelado. Nota: No se evalúan las versiones de software que han alcanzado End of Software Development (EoSD). • https://support.f5.com/csp/article/K06440657 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2021-22998
https://notcve.org/view.php?id=CVE-2021-22998
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, SYN flood protection thresholds are not enforced in secure network address translation (SNAT) listeners. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. En BIG-IP versiones 16.0.x anteriores a 16.0.1.1, versiones 15.1.x anteriores a 15.1.2.1, versiones 14.1.x anteriores a 14.1.4, versiones 13.1.x anteriores a 13.1.3.6, versiones 12.1.x anteriores a 12.1.5.3 y versiones 11.6.x anteriores a 11.6.5.3, los umbrales de protección contra inundaciones SYN no se aplican en escuchas de secure network address translation (SNAT). Nota: No se evalúan las versiones de software que han alcanzado End of Software Development (EoSD). • https://support.f5.com/csp/article/K31934524 •
CVE-2021-22999
https://notcve.org/view.php?id=CVE-2021-22999
On versions 15.0.x before 15.1.0 and 14.1.x before 14.1.4, the BIG-IP system provides an option to connect HTTP/2 clients to HTTP/1.x servers. When a client is slow to accept responses and it closes a connection prematurely, the BIG-IP system may indefinitely retain some streams unclosed. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. En las versiones 15.0.x anteriores a 15.1.0 y 14.1.x anteriores a 14.1.4, el sistema BIG-IP ofrece una opción para conectar clientes HTTP/2 a servidores HTTP/1.x. Cuando un cliente tarda en aceptar respuestas y cierra una conexión prematuramente, el sistema BIG-IP puede retener indefinidamente algunos flujos sin cerrar. • https://support.f5.com/csp/article/K02333782 •