CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0CVE-2016-9253
https://notcve.org/view.php?id=CVE-2016-9253
In F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic patterns may cause a disruption of service for virtual servers configured to use the websocket profile. En F5 BIG-IP desde la versión 12.1.0 hasta la 12.1.2, patrones de tráfico websocket específicos, pueden causar una interrupción del servicio en servidores virtuales configurados para usar el perfil websocket. • http://www.securitytracker.com/id/1038415 https://support.f5.com/csp/article/K51351360 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 156EXPL: 0CVE-2016-9252
https://notcve.org/view.php?id=CVE-2016-9252
The Traffic Management Microkernel (TMM) in F5 BIG-IP before 11.5.4 HF3, 11.6.x before 11.6.1 HF2 and 12.x before 12.1.2 does not properly handle minimum path MTU options for IPv6, which allows remote attackers to cause a denial-of-service (DoS) through unspecified vectors. El Traffic Management Microkernel (TMM) en F5 BIG-IP en versiones anteriores a 11.5.4 HF3, 11.6.x en versiones anteriores a 11.6.1 HF2 y 12.x en versiones anteriores a 12.1.2 no maneja adecuadamente las opciones MTU de ruta mínima para IPv6, lo que permite a atacantes remotos provocar una denegación de servicio (DoS) a través de vectores no especificados. • http://www.securitytracker.com/id/1038132 https://support.f5.com/csp/article/K46535047 • CWE-19: Data Processing Errors •
CVSS: 5.5EPSS: 0%CPEs: 123EXPL: 0CVE-2016-7474
https://notcve.org/view.php?id=CVE-2016-7474
In some cases the MCPD binary cache in F5 BIG-IP devices may allow a user with Advanced Shell access, or privileges to generate a qkview, to temporarily obtain normally unrecoverable information. En algunos casos la caché binaria MCPD en dispositivos F5 BIG-IP pueden permitir a un usuario con acceso Advanced Shell, o privilegios generar un qkview, para obtener temporalmente información normalmente irrecuperable. • http://www.securityfocus.com/bid/97198 http://www.securitytracker.com/id/1038133 https://support.f5.com/csp/article/K52180214 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 30EXPL: 0CVE-2016-9245
https://notcve.org/view.php?id=CVE-2016-9245
In F5 BIG-IP systems 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default "Normalize URI" configuration options used in iRules and/or BIG-IP LTM policies. An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group. En sistemas F5 BIG-IP 12.1.0 - 12.1.2, solicitudes maliciosas realizadas a servidores virtuales con un perfil HTTP pueden provocar que el TMM se reinicie. • http://www.securityfocus.com/bid/96471 http://www.securitytracker.com/id/1037964 https://support.f5.com/csp/article/K22216037 • CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 0%CPEs: 80EXPL: 0CVE-2016-6249
https://notcve.org/view.php?id=CVE-2016-6249
F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log. It may allow local users to obtain sensitive information by reading these files. peticiones F5 BIG-IP 12.0.0 y 11.5.0 - 11.6.1 REST que expiran durante la autenticación de una cuenta de usuario pueden registrar atributos sensibles como contraseñas en plaintext para /var/log/restjavad.0.log. Esto puede permitir a usuarios locales obtener información sensible al leer estos archivos. • http://www.securitytracker.com/id/1037873 https://support.f5.com/csp/article/K12685114 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •