CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-5503
https://notcve.org/view.php?id=CVE-2018-5503
22 Mar 2018 — On F5 BIG-IP versions 13.0.0 - 13.1.0.3 or 12.0.0 - 12.1.3.1, TMM may restart when processing a specifically crafted page through a virtual server with an associated PEM policy that has content insertion as an action. Desde la versión 13.0.0 hasta la 13.1.0.3 o desde la 12.0.0 hasta la 12.1.3.1 de F5 BIG-IP, el TMM podría reiniciarse al procesar una página específicamente manipulada mediante un servidor virtual con una política PEM asociada que tiene la inserción de contenido como acción. • http://www.securitytracker.com/id/1040560 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2018-5502
https://notcve.org/view.php?id=CVE-2018-5502
22 Mar 2018 — On F5 BIG-IP versions 13.0.0 - 13.1.0.3, attackers may be able to disrupt services on the BIG-IP system with maliciously crafted client certificate. This vulnerability affects virtual servers associated with Client SSL profile which enables the use of client certificate authentication. Client certificate authentication is not enabled by default in Client SSL profile. There is no control plane exposure. Desde la versión 13.0.0 hasta la 13.1.0.3 de F5 BIG-IP, los atacantes podrían ser capaces de interrumpir s... • http://www.securitytracker.com/id/1040561 • CWE-295: Improper Certificate Validation •
CVSS: 9.3EPSS: 0%CPEs: 25EXPL: 0CVE-2018-5504
https://notcve.org/view.php?id=CVE-2018-5504
22 Mar 2018 — In some circumstances, the Traffic Management Microkernel (TMM) does not properly handle certain malformed Websockets requests/responses, which allows remote attackers to cause a denial-of-service (DoS) or possible remote code execution on the F5 BIG-IP system running versions 13.0.0 - 13.1.0.3 or 12.1.0 - 12.1.3.1. En algunas circunstancias, el TMM (Traffic Management Microkernel) no gestiona correctamente algunas peticiones/respuestas Websockets mal formadas. Esto permite que atacantes remotos provoquen u... • http://www.securitytracker.com/id/1040558 •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2018-5509
https://notcve.org/view.php?id=CVE-2018-5509
22 Mar 2018 — On F5 BIG-IP versions 13.0.0 or 12.1.0 - 12.1.3.1, when a specifically configured virtual server receives traffic of an undisclosed nature, TMM will crash and take the configured failover action, potentially causing a denial of service. The configuration which exposes this issue is not common and in general does not work when enabled in previous versions of BIG-IP. Starting in 12.1.0, BIG-IP will crash if the configuration which exposes this issue is enabled and the virtual server receives non TCP traffic. ... • http://www.securityfocus.com/bid/103504 • CWE-20: Improper Input Validation •