CVSS: 6.5EPSS: 0%CPEs: 33EXPL: 0CVE-2017-6134
https://notcve.org/view.php?id=CVE-2017-6134
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, 12.1.0 - 12.1.2 and 11.5.1 - 11.6.1, an undisclosed sequence of packets, sourced from an adjacent network may cause TMM to crash. En F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM y WebSafe, en versiones de software 13.0.0, de la 12.1.0 a la 12.1.2 y de la 11.5.1 a la 11.6.1, una secuencia de paquetes no revelada cuyo origen es una red adyacente podría hacer que TMM se cierre de manera inesperada. • http://www.securityfocus.com/bid/102466 http://www.securitytracker.com/id/1040044 http://www.securitytracker.com/id/1040045 https://support.f5.com/csp/article/K37404773 • CWE-20: Improper Input Validation •
CVSS: 8.5EPSS: 0%CPEs: 20EXPL: 0CVE-2017-6167
https://notcve.org/view.php?id=CVE-2017-6167
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being executed with different privilege levels than expected. En F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM y WebSafe, en versiones 13.0.0 y de la 12.1.0 a la 12.1.2, las condiciones de carrera en iControl REST pueden conducir a la ejecución de comandos con niveles de privilegios diferentes a los esperados. • http://www.securitytracker.com/id/1040053 https://support.f5.com/csp/article/K24465120 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2017-6135
https://notcve.org/view.php?id=CVE-2017-6135
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, a slow memory leak as a result of undisclosed IPv4 or IPv6 packets sent to BIG-IP management port or self IP addresses may lead to out of memory (OOM) conditions. En F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM y WebSafe en su versión 13.0.0, una fuga de memoria lenta producida por paquetes IPv4 e IPv6 no revelados enviados al puerto de gestión de BIG-IP o a sus propias direcciones IP puede provocar condiciones de agotamiento de memoria. • http://www.securitytracker.com/id/1040050 https://support.f5.com/csp/article/K43322910 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 5.9EPSS: 0%CPEs: 22EXPL: 0CVE-2017-6136
https://notcve.org/view.php?id=CVE-2017-6136
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.0.0 - 12.1.2, undisclosed traffic patterns sent to BIG-IP virtual servers, with the TCP Fast Open and Tail Loss Probe options enabled in the associated TCP profile, may cause a disruption of service to the Traffic Management Microkernel (TMM). En F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM y WebSafe, en versiones 13.0.0 y de la 12.0.0 a la 12.1.2, los patrones de tráfico no revelados que se envían a los servidores virtuales de BIG-IP con las opciones TCP Fast Open y Tail Loss Probe activadas en el perfil TCP asociado, pueden interrumpir el servicio al TMM (Traffic Management Microkernel). • http://www.securitytracker.com/id/1040046 https://support.f5.com/csp/article/K81137982 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2017-6138
https://notcve.org/view.php?id=CVE-2017-6138
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default "normalize URI" configuration options used in iRules and/or BIG-IP LTM policies. En F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM y WebSafe, en versiones de software 13.0.0 y de la 12.1.0 a la 12.1.2, las peticiones maliciosas enviadas al servidor virtual con un perfil HTTP puede provocar que el TMM se reinicie. El problema está presente en perfiles BIG-IP APM, independientemente de su configuración. • http://www.securitytracker.com/id/1040051 https://support.f5.com/csp/article/K34514540 • CWE-20: Improper Input Validation •