Lucene search

[email protected]CVE-2015-8098

HistoryJan 12, 2016 - 7:59 p.m.

CVE-2015-8098

2016-01-1219:59:08

CWE-119

[email protected]

web.nvd.nist.gov

f5 big-ip

apm

remote code execution

cve-2015-8098

denial of service

out-of-bounds memory vulnerability

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.015 Low

EPSS

Percentile

87.1%

JSON

F5 BIG-IP APM 11.4.1 before 11.4.1 HF9, 11.5.x before 11.5.3, and 11.6.0 before 11.6.0 HF4 allow remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors related to processing a Citrix Remote Desktop connection through a virtual server configured with a remote desktop profile, aka an “Out-of-bounds memory vulnerability.”

Affected configurations

NVD

Node

f5big-ip_access_policy_managerMatch11.2.0

f5big-ip_access_policy_managerMatch11.2.1

f5big-ip_access_policy_managerMatch11.3.0

f5big-ip_access_policy_managerMatch11.4.0

f5big-ip_access_policy_managerMatch11.5.0

f5big-ip_access_policy_managerMatch11.5.1

f5big-ip_access_policy_managerMatch11.6.0

CPENameOperatorVersion
f5:big-ip_access_policy_managerf5 big-ip access policy managereq11.2.0
f5:big-ip_access_policy_managerf5 big-ip access policy managereq11.2.1
f5:big-ip_access_policy_managerf5 big-ip access policy managereq11.3.0
f5:big-ip_access_policy_managerf5 big-ip access policy managereq11.4.0
f5:big-ip_access_policy_managerf5 big-ip access policy managereq11.5.0
f5:big-ip_access_policy_managerf5 big-ip access policy managereq11.5.1
f5:big-ip_access_policy_managerf5 big-ip access policy managereq11.6.0

CPE	Name	Operator	Version
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	eq	11.2.0
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	eq	11.2.1
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	eq	11.3.0
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	eq	11.4.0
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	eq	11.5.0
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	eq	11.5.1
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	eq	11.6.0

References

www.securitytracker.com/id/1034609

support.f5.com/kb/en-us/solutions/public/k/43/sol43552605.html

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.015 Low

EPSS

Percentile

87.1%

JSON

Related for CVE-2015-8098

prion1 f52 openvas1 cvelist1 nvd1 nessus1