CVSS: 9.8EPSS: 0%CPEs: 65EXPL: 0CVE-2018-5506
https://notcve.org/view.php?id=CVE-2018-5506
13 Apr 2018 — In F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.1, 11.5.1-11.5.5, or 11.2.1 the Apache modules apache_auth_token_mod and mod_auth_f5_auth_token.cpp allow possible unauthenticated bruteforce on the em_server_ip authorization parameter to obtain which SSL client certificates used for mutual authentication between BIG-IQ or Enterprise Manager (EM) and managed BIG-IP devices. En F5 BIG-IP, en su versión 13.0.0, de la versión 12.1.0a la 12.1.2, la versión 11.6.1, de la versión 11.5.1 a la 11.5.5 o en la versión 11.2.1,... • https://support.f5.com/csp/article/K65355492 •
CVSS: 7.5EPSS: 0%CPEs: 91EXPL: 0CVE-2018-5507
https://notcve.org/view.php?id=CVE-2018-5507
13 Apr 2018 — On F5 BIG-IP versions 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5, vCMP guests running on VIPRION 2100, 4200 and 4300 series blades cannot correctly decrypt ciphertext from established SSL sessions with small MTU. En F5 BIG-IP, en versiones 13.0.0, de la versión 12.1.0 a la 12.1.3.1, de la versión 11.6.1 a la 11.6.2 o de la versión 11.5.1 a la 11.5.5, los invitados vCMP que se ejecutan en blades VIPRION de las series 2100, 4200 y 4300 no puedes descifrar correctamente el texto cifrado de las se... • https://support.f5.com/csp/article/K52521791 •
CVSS: 9.3EPSS: 3%CPEs: 25EXPL: 0CVE-2018-5504
https://notcve.org/view.php?id=CVE-2018-5504
22 Mar 2018 — In some circumstances, the Traffic Management Microkernel (TMM) does not properly handle certain malformed Websockets requests/responses, which allows remote attackers to cause a denial-of-service (DoS) or possible remote code execution on the F5 BIG-IP system running versions 13.0.0 - 13.1.0.3 or 12.1.0 - 12.1.3.1. En algunas circunstancias, el TMM (Traffic Management Microkernel) no gestiona correctamente algunas peticiones/respuestas Websockets mal formadas. Esto permite que atacantes remotos provoquen u... • http://www.securitytracker.com/id/1040558 •
CVSS: 7.8EPSS: 1%CPEs: 15EXPL: 0CVE-2018-5509
https://notcve.org/view.php?id=CVE-2018-5509
22 Mar 2018 — On F5 BIG-IP versions 13.0.0 or 12.1.0 - 12.1.3.1, when a specifically configured virtual server receives traffic of an undisclosed nature, TMM will crash and take the configured failover action, potentially causing a denial of service. The configuration which exposes this issue is not common and in general does not work when enabled in previous versions of BIG-IP. Starting in 12.1.0, BIG-IP will crash if the configuration which exposes this issue is enabled and the virtual server receives non TCP traffic. ... • http://www.securityfocus.com/bid/103504 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2017-6150
https://notcve.org/view.php?id=CVE-2017-6150
01 Mar 2018 — Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - 12.1.3.1, using FastL4 profiles, when the Reassemble IP Fragments option is disabled (default), some specific large fragmented packets may restart the Traffic Management Microkernel (TMM). Bajo ciertas condiciones para los sistemas F5 BIG-IP 13.0.0 o 12.1.0 - 12.1.3.1 que emplean perfiles FastL4, cuando la opción Reassemble IP Fragments está deshabilitada (por defecto), algunos paquetes grandes fragmentados podrían reiniciar el TMM (Traffic M... • http://www.securityfocus.com/bid/103235 • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 39EXPL: 0CVE-2018-5500
https://notcve.org/view.php?id=CVE-2018-5500
01 Mar 2018 — On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, every Multipath TCP (MCTCP) connection established leaks a small amount of memory. Virtual server using TCP profile with Multipath TCP (MCTCP) feature enabled will be affected by this issue. En sistemas F5 BIG-IP que ejecutan las versiones 13.0.0, 12.1.0 - 12.1.3.1 o 11.6.1 - 11.6.2, cada conexión Multipath TCP (MCTCP) que se establece filtra una pequeña cantidad de memoria. Los servidores virtuales que emplean el perfil TCP con la ... • http://www.securityfocus.com/bid/103217 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.9EPSS: 0%CPEs: 65EXPL: 0CVE-2018-5501
https://notcve.org/view.php?id=CVE-2018-5501
01 Mar 2018 — In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, any 11.6.x or 11.5.x release, or 11.2.1, TCP DNS profile allows excessive buffering due to lack of flow control. En algunas circunstancias, en sistemas F5 BIG-IP que ejecutan 13.0.0, 12.1.0 - 12.1.3.1, cualquier versión 11.6.x o 11.5.x o 11.2.1, el perfil TCP DNS permite el buffering excesivo debido a la falta de control de flujo. • http://www.securityfocus.com/bid/103211 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6129
https://notcve.org/view.php?id=CVE-2017-6129
21 Dec 2017 — In F5 BIG-IP APM software version 13.0.0 and 12.1.2, in some circumstances, APM tunneled VPN flows can cause a VPN/PPP connflow to be prematurely freed or cause TMM to stop responding with a "flow not in use" assertion. An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group. En F5 BIG-IP APM, en sus versiones 13.0.0 y 12.1.2 en determinadas circunstancias, el tráfico de la VPN conectada con APM puede provocar que un connflow VPN/PPP se libere... • http://www.securitytracker.com/id/1040047 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 2%CPEs: 88EXPL: 0CVE-2017-6132
https://notcve.org/view.php?id=CVE-2017-6132
21 Dec 2017 — In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 and 11.5.0 - 11.5.4, an undisclosed sequence of packets sent to BIG-IP High Availability state mirror listeners (primary and/or secondary IP) may cause TMM to restart. En F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM y Websafe, en versiones de software 13.0.0, de la 12.0.0 a la 12.1.2, de la 11.6.0 a la 11.6.1 y de la 11.5.0 a ... • http://www.securityfocus.com/bid/102333 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2017-6133
https://notcve.org/view.php?id=CVE-2017-6133
21 Dec 2017 — In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, undisclosed HTTP requests may cause a denial of service. En F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM y WebSafe, en versiones 13.0.0 y de la 12.1.0 a la 12.1.2, las peticiones HTTP no reveladas podrían provocar una denegación de servicio (DoS). • http://www.securityfocus.com/bid/102467 • CWE-20: Improper Input Validation •