Page 39 of 196 results (0.005 seconds)

CVSS: 5.9EPSS: 0%CPEs: 50EXPL: 0

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, and WebSafe 11.6.1 HF1, 12.0.0 HF3, 12.0.0 HF4, and 12.1.0 through 12.1.2, undisclosed traffic patterns received while software SYN cookie protection is engaged may cause a disruption of service to the Traffic Management Microkernel (TMM) on specific platforms and configurations. En LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator y WebSafe versiones 11.6.1 HF1, 12.0.0 HF3, 12.0.0 HF4 y versiones 12.1.0 hasta 12.1.2 de F5 BIG-IP, Los patrones de tráfico no divulgados recibidos mientras la protección de cookies SYN del software es activada pueden causar una interrupción del servicio al Microkernel de Administración de Tráfico (TMM) en plataformas y configuraciones específicas. • http://www.securitytracker.com/id/1038409 https://support.f5.com/csp/article/K82851041 •

CVSS: 7.5EPSS: 0%CPEs: 156EXPL: 0

The Traffic Management Microkernel (TMM) in F5 BIG-IP before 11.5.4 HF3, 11.6.x before 11.6.1 HF2 and 12.x before 12.1.2 does not properly handle minimum path MTU options for IPv6, which allows remote attackers to cause a denial-of-service (DoS) through unspecified vectors. El Traffic Management Microkernel (TMM) en F5 BIG-IP en versiones anteriores a 11.5.4 HF3, 11.6.x en versiones anteriores a 11.6.1 HF2 y 12.x en versiones anteriores a 12.1.2 no maneja adecuadamente las opciones MTU de ruta mínima para IPv6, lo que permite a atacantes remotos provocar una denegación de servicio (DoS) a través de vectores no especificados. • http://www.securitytracker.com/id/1038132 https://support.f5.com/csp/article/K46535047 • CWE-19: Data Processing Errors •

CVSS: 5.5EPSS: 0%CPEs: 123EXPL: 0

In some cases the MCPD binary cache in F5 BIG-IP devices may allow a user with Advanced Shell access, or privileges to generate a qkview, to temporarily obtain normally unrecoverable information. En algunos casos la caché binaria MCPD en dispositivos F5 BIG-IP pueden permitir a un usuario con acceso Advanced Shell, o privilegios generar un qkview, para obtener temporalmente información normalmente irrecuperable. • http://www.securityfocus.com/bid/97198 http://www.securitytracker.com/id/1038133 https://support.f5.com/csp/article/K52180214 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 95%CPEs: 115EXPL: 2

A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer (SSL) session IDs from other sessions. It is possible that other data from uninitialized memory may be returned as well. Un servidor virtual BIG-IP configurado con un perfil Client SSL que tiene la opción Session Tickets no predeterminada habilitada podría perder hasta 31 portes de la memoria no inicializada. Un atacante remoto puede explotar esta vulnerabilidad para obtener los IDs de sesión Secure Sockets Layer (SSL) de otras sesiones. • https://www.exploit-db.com/exploits/41298 https://www.exploit-db.com/exploits/44446 http://packetstormsecurity.com/files/141017/Ticketbleed-F5-TLS-Information-Disclosure.html http://www.securityfocus.com/bid/96143 http://www.securitytracker.com/id/1037800 https://blog.filippo.io/finding-ticketbleed https://filippo.io/Ticketbleed https://github.com/0x00string/oldays/blob/master/CVE-2016-9244.py https://support.f5.com/csp/article/K05121675 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.9EPSS: 0%CPEs: 27EXPL: 0

Virtual servers in F5 BIG-IP systems 11.6.1 before 11.6.1 HF1 and 12.1.x before 12.1.2, when configured to parse RADIUS messages via an iRule, allow remote attackers to cause a denial of service (Traffic Management Microkernel restart) via crafted network traffic. Servicios virtuales en sistemas F5 BIG-IP 11.6.1 en versiones anteriores a 11.6.1 HF1 y 12.1.x en versiones anteriores a 12.1.2, cuando se configuran para analizar mensajes RADIUS a través de un iRule, permite a atacantes remotos provocar una denegación de servicio (reinicio de Traffic Management Microkernel) a través de tráfico de la red manipulado. • http://www.securityfocus.com/bid/95228 http://www.securitytracker.com/id/1037510 https://support.f5.com/csp/#/article/K92859602 • CWE-20: Improper Input Validation •