CVSS: 7.8EPSS: 1%CPEs: 86EXPL: 0CVE-2013-6016
https://notcve.org/view.php?id=CVE-2013-6016
The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, APM, ASM, Edge Gateway, GTM, Link Controller, and WOM 10.0.0 through 10.2.2 and 11.0.0; Analytics 11.0.0; PSM 9.4.0 through 9.4.8, 10.0.0 through 10.2.4, and 11.0.0 through 11.4.1; and WebAccelerator 9.4.0 through 9.4.8, 10.0.0 through 10.2.4, and 11.0.0 through 11.3.0 might change a TCP connection to the ESTABLISHED state before receiving the ACK packet, which allows remote attackers to cause a denial of service (SIGFPE or assertion failure and TMM restart) via unspecified vectors. The Traffic Management Microkernel (TMM) en F5 BIG-IP LTM, APM, ASM, Edge Gateway, GTM, Link Controller, y WOM 10.0.0 hasta la versión 10.2.2 and 11.0.0; Analytics 11.0.0; PSM 9.4.0 hasta la versión 9.4.8, 10.0.0 hasta la versión 10.2.4, and 11.0.0 hasta la versión 11.4.1; y WebAccelerator 9.4.0 hasta la versión 9.4.8, 10.0.0 hasta la versión 10.2.4, and 11.0.0 hasta la versión 11.3.0 podría cambiar a una conexión TCP al estado ESTABLISHED antes de recibir el paquete ACK, lo que permite a atacantes remotos provocar una denegación de servicio (SIGFPE o error de aserción y reinicio TMM) a través de vectores no especificados. • http://secunia.com/advisories/55378 http://support.f5.com/kb/en-us/solutions/public/13000/200/sol13233.html http://www.securitytracker.com/id/1029220 https://exchange.xforce.ibmcloud.com/vulnerabilities/88166 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 1%CPEs: 23EXPL: 0CVE-2013-0150
https://notcve.org/view.php?id=CVE-2013-0150
Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and 7.0.0, and other products "when APM is provisioned," allows remote attackers to upload and execute arbitrary files via a .. (dot dot) in the filename parameter. Vulnerabilidad de salto de directorio en una firma no especificada de un Applet Java en un componente client-side en F5 BIG-IP APM v10.1.0 hasta v10.2.4 y v11.0.0 hasta v11.3.0, FirePass v6.0.0 hasta v6.1.0 y v7.0.0, y otros productos "cuando APM se aprovisiona," permite que atacantes remotos puedan subir y ejecutar fichero de su elección a través de .. (punto punto) en el parámetro nombre de fichero. • http://secunia.com/advisories/53477 http://support.f5.com/kb/en-us/solutions/public/14000/400/sol14468.html https://nealpoole.com/blog/2013/07/code-execution-via-f5-networks-java-applet • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 0%CPEs: 37EXPL: 0CVE-2012-3163 – mysql: unspecified vulnerability related to Information Schema (CPU Oct 2012)
https://notcve.org/view.php?id=CVE-2012-3163
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema. Vulnerabilidad no especificada en el componente MySQL Server en Oracle MySQL v5.1.64 y anteriores, y v5.5.26 y anteriores, permite a usuarios remotos autenticados a afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con Information Schema. • http://rhn.redhat.com/errata/RHSA-2012-1462.html http://secunia.com/advisories/51177 http://secunia.com/advisories/51309 http://secunia.com/advisories/53372 http://secunia.com/advisories/56509 http://secunia.com/advisories/56513 http://security.gentoo.org/glsa/glsa-201308-06.xml http://support.f5.com/kb/en-us/solutions/public/14000/900/sol14907.html http://www.debian.org/security/2012/dsa-2581 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http:/&# •
CVSS: 7.8EPSS: 30%CPEs: 114EXPL: 4CVE-2012-1493 – F5 BIG-IP - Authentication Bypass (PoC)
https://notcve.org/view.php?id=CVE-2012-1493
F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option. El dispositivo F5 BIG-IP v9.x anteriores a v9.4.8-HF5, v10.x anteriores a v10.2.4, v11.0.x anteriores a v11.0.0-HF2, y v11.1.x anteriores a v11.1.0-HF3, y Enterprise Manager anteriores a v2.1.0-HF2, v2.2.x anteriores a v2.2.0-HF1, y v2.3.x anteriores a v2.3.0-HF3, usa una clave privada SSH en distintas instalaciones de clientes, y no restringe el acceso a la mismas de forma adecuada, lo que facilita a atacantes remotos hacer login SSH a través de la opción PubkeyAuthentication. F5 ships a public/private key pair on BIG-IP appliances that allows passwordless authentication to any other BIG-IP box. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as root. • https://www.exploit-db.com/exploits/19064 https://www.exploit-db.com/exploits/19091 https://www.exploit-db.com/exploits/19099 http://support.f5.com/kb/en-us/solutions/public/13000/600/sol13600.html http://www.theregister.co.uk/2012/06/13/f5_kit_metasploit_exploit https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/ssh/f5_bigip_known_privkey.rb https://www.trustmatta.com/advisories/MATTA-2012-002.txt • CWE-255: Credentials Management Errors •
CVSS: 9.1EPSS: 1%CPEs: 26EXPL: 0CVE-2011-3188 – kernel: net: improve sequence number generation
https://notcve.org/view.php?id=CVE-2011-3188
The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets. Las implementaciones de (1) IPv4 y (2) IPv6 en el kernel de Linux antes de v3.1 utiliza una versión modificada de algoritmo MD4 para generar números de secuencia y valores de los fragmentos de identificación, lo que hace que sea más fácil para los atacantes remotos causar una denegación de servicio (red interrumpida) o secuestrar sesiones de red mediante la predicción de estos valores y el envío de paquetes manipulados. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6e5714eaf77d79ae1c8b47e3e040ff5411b717ec http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=bc0b96b54a21246e377122d54569eef71cec535f http://marc.info/?l=bugtraq&m=139447903326211&w=2 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1 http://www.openwall.com/lists/oss-security/2011/08/23/2 https://bugzilla.redhat.com/show_bug.cgi?id=732658 https://github.com/torval •