CVSS: 5.9EPSS: 14%CPEs: 45EXPL: 2CVE-2013-3587
https://notcve.org/view.php?id=CVE-2013-3587
21 Feb 2020 — The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929. El protocolo HTTPS, como es usado en aplicaci... • http://breachattack.com • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 10%CPEs: 16EXPL: 2CVE-2015-4040 – F5 Big-IP 10.2.4 Build 595.0 Hotfix HF3 - Directory Traversal
https://notcve.org/view.php?id=CVE-2015-4040
17 Sep 2015 — Directory traversal vulnerability in the configuration utility in F5 BIG-IP before 12.0.0 and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to access arbitrary files in the web root via unspecified vectors. Vulnerabilidad de salto de directorio en la utilidad de configuración en F5 BIG-IP en versiones anteriores a 12.0.0 y Enterprise Manager 3.0.0 hasta la versión 3.1.1, permite a usuarios remotos autenticados acceder a archivos arbitrarios en la raíz web a través de vectores no e... • https://packetstorm.news/files/id/133931 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2015-1050
https://notcve.org/view.php?id=CVE-2015-1050
15 Jan 2015 — Cross-site scripting (XSS) vulnerability in F5 BIG-IP Application Security Manager (ASM) before 11.6 allows remote attackers to inject arbitrary web script or HTML via the Response Body field when creating a new user account. Vulnerabilidad de XSS en F5 BIG-IP Application Security Manager (ASM) anterior a 11.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del campo Response Body cuando se crea una cuenta de usuario nueva. • http://packetstormsecurity.com/files/129911/F5-BIG-IP-Application-Security-Manager-ASM-XSS.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 64%CPEs: 86EXPL: 4CVE-2014-2928 – F5 iControl - Remote Command Execution
https://notcve.org/view.php?id=CVE-2014-2928
07 May 2014 — The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP AFM and PEM 11.3.0 through 11.5.1, BIG-IP Analytics 11.0.0 through 11.5.1, BIG-IP Edge Gateway, WebAccelerator, WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, Enterprise Manager 2.1.0 through 2.3.0 and 3.0.0 through 3.1.1, and BIG-IQ Cloud, Device, and Security 4.0.0 through 4.3.0 allows remote administrators to execute arbitrary commands ... • https://packetstorm.news/files/id/128592 •
CVSS: 7.8EPSS: 1%CPEs: 86EXPL: 0CVE-2013-6016
https://notcve.org/view.php?id=CVE-2013-6016
26 Oct 2013 — The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, APM, ASM, Edge Gateway, GTM, Link Controller, and WOM 10.0.0 through 10.2.2 and 11.0.0; Analytics 11.0.0; PSM 9.4.0 through 9.4.8, 10.0.0 through 10.2.4, and 11.0.0 through 11.4.1; and WebAccelerator 9.4.0 through 9.4.8, 10.0.0 through 10.2.4, and 11.0.0 through 11.3.0 might change a TCP connection to the ESTABLISHED state before receiving the ACK packet, which allows remote attackers to cause a denial of service (SIGFPE or assertion failure and TMM... • http://secunia.com/advisories/55378 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 84%CPEs: 114EXPL: 4CVE-2012-1493 – F5 BIG-IP - Authentication Bypass (PoC)
https://notcve.org/view.php?id=CVE-2012-1493
09 Jul 2012 — F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option. El dispositivo F5 BIG-IP v9.x anteriores a v9.4.8-HF5, v10.x anteriores a v10.... • https://www.exploit-db.com/exploits/19064 • CWE-255: Credentials Management Errors •
CVSS: 7.8EPSS: 3%CPEs: 11EXPL: 0CVE-2009-4420
https://notcve.org/view.php?id=CVE-2009-4420
24 Dec 2009 — Buffer overflow in the bd daemon in F5 Networks BIG-IP Application Security Manager (ASM) 9.4.4 through 9.4.7 and 10.0.0 through 10.0.1, and Protocol Security Manager (PSM) 9.4.5 through 9.4.7 and 10.0.0 through 10.0.1, allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: some of these details are obtained from third party information. Desbordamiento de buffer en el demonio bd en F5 Networks BIG-IP Application Security Manager (ASM) v9.4.4 hasta v9.4.7 y v10.0.0 hasta v10.... • http://osvdb.org/61297 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •