1 results (0.001 seconds)

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0

On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3 and NGINX App Protect on all versions before 3.5.0, when a cross-site request forgery (CSRF)-enabled policy is configured on a virtual server, an undisclosed HTML response may cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP Advanced WAF y BIG-IP ASM versiones 16.0.x anteriores a 16.0.1.2 y versiones 15.1.x anteriores a 15.1.3 y NGINX App Protect en todas las versiones anteriores a 3.5.0, cuando es configurado una política de tipo cross-site request forgery (CSRF) en un servidor virtual, una respuesta HTML no divulgada puede causar una finalización del proceso bd. Nota: Las versiones de software que han alcanzado End of Technical Support (EoTS) no son evaluadas • https://support.f5.com/csp/article/K44553214 • CWE-352: Cross-Site Request Forgery (CSRF) •