CVE-2015-4638
https://notcve.org/view.php?id=CVE-2015-4638
The FastL4 virtual server in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM 11.3.0 through 11.5.2 and 11.6.0 through 11.6.0 HF4, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.1 through 11.3.0, and BIG-IP PSM 11.2.1 through 11.4.1 allows remote attackers to cause a denial of service (Traffic Management Microkernel restart) via a fragmented packet. Vulnerabilidad en el servidor virtual FastL4 en F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller y PEM 11.3.0 hasta la versión 11.5.2 y 11.6.0 hasta la versión 11.6.0 HF4, BIG-IP Edge Gateway, WebAccelerator y WOM 11.2.1 hasta la versión 11.3.0 y BIG-IP PSM 11.2.1 hasta la versión 11.4.1, permite a atacantes remotos causar una denegación de servicio (reinicio del Traffic Management Microkernel) a través de un paquete fragmentado. • http://www.securitytracker.com/id/1033578 https://support.f5.com/kb/en-us/solutions/public/17000/100/sol17155.html • CWE-20: Improper Input Validation •
CVE-2015-4040 – F5 Big-IP 10.2.4 Build 595.0 Hotfix HF3 - Directory Traversal
https://notcve.org/view.php?id=CVE-2015-4040
Directory traversal vulnerability in the configuration utility in F5 BIG-IP before 12.0.0 and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to access arbitrary files in the web root via unspecified vectors. Vulnerabilidad de salto de directorio en la utilidad de configuración en F5 BIG-IP en versiones anteriores a 12.0.0 y Enterprise Manager 3.0.0 hasta la versión 3.1.1, permite a usuarios remotos autenticados acceder a archivos arbitrarios en la raíz web a través de vectores no especificados. F5 BigIP version 10.2.4 Build 595.0 Hotfix HF3 suffers from a path traversal vulnerability. • https://www.exploit-db.com/exploits/38448 http://packetstormsecurity.com/files/133931/F5-BigIP-10.2.4-Build-595.0-HF3-Path-Traversal.html http://www.securitytracker.com/id/1033532 http://www.securitytracker.com/id/1033533 https://support.f5.com/kb/en-us/solutions/public/17000/200/sol17253.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2015-5058
https://notcve.org/view.php?id=CVE-2015-5058
Memory leak in the virtual server component in F5 Big-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM 11.5.x before 11.5.1 HF10, 11.5.3 before HF1, and 11.6.0 before HF5, BIG-IQ Cloud, Device, and Security 4.4.0 through 4.5.0, and BIG-IQ ADC 4.5.0 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted ICMP packets. Vulnerabilidad de fuga de memoria en el componente de servidor virtual en F5 Big-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller y PEM 11.5.x en versiones anteriores a 11.5.1 HF10, 11.5.3 en versiones anteriores a HF1 y 11.6.0 en versiones anteriores a HF5, BIG-IQ Cloud, Device y Security 4.4.0 hasta la versión 4.5.0 y BIG-IQ ADC 4.5.0, permite a atacantes remotos causar una denegación de servicio (consumo de la memoria) a través de un gran número de paquetes ICMP manipulados. • http://www.securitytracker.com/id/1033334 https://support.f5.com/kb/en-us/solutions/public/17000/000/sol17047.html • CWE-399: Resource Management Errors •
CVE-2015-4047
https://notcve.org/view.php?id=CVE-2015-4047
racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests. racoon/gssapi.c en IPsec-Tools 0.8.2 permite a atacantes remotos causar una denegación de servicios (referencia a puntero nulo y caída de demonio IKE) a través de una serie de solicitudes UDP manipuladas. • http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159482.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159549.html http://packetstormsecurity.com/files/131992/IPsec-Tools-0.8.2-Denial-Of-Service.html http://seclists.org/fulldisclosure/2015/May/81 http://seclists.org/fulldisclosure/2015/May/83 http://www.debian.org/security/2015/dsa-3272 http://www.openwall.com/lists/oss-security/2015/05/20/1 http://www.openwall.com/lists/oss-security/20 • CWE-476: NULL Pointer Dereference •
CVE-2014-9326
https://notcve.org/view.php?id=CVE-2014-9326
The automatic signature update functionality in the (1) Phone Home feature in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, GTM, and Link Controller 11.5.0 through 11.6.0, ASM 10.0.0 through 11.6.0, and PEM 11.3.0 through 11.6.0 and the (2) Call Home feature in ASM 10.0.0 through 11.6.0 and PEM 11.3.0 through 11.6.0 does not properly validate server SSL certificates, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate. La funcionalidad de la actualización automática de firmas en (1) la característica Phone Home en F5 BIG-IP LTM, AAM, AFM, Analytics, APM, GTM, y Link Controller 11.5.0 hasta 11.6.0, ASM 10.0.0 hasta 11.6.0, y PEM 11.3.0 hasta 11.6.0 y (2) la característica Call Home en ASM 10.0.0 hasta 11.6.0 y PEM 11.3.0 hasta 11.6.0 no valida correctamente los certificados SSL de servidores, lo que permite a atacantes remotos realizar ataques man-in-the-middle a través de un certificado manipulado. • http://www.securitytracker.com/id/1032305 https://support.f5.com/kb/en-us/solutions/public/16000/000/sol16090.html •