CVE-2016-9245

🗓️ 07 Mar 2017 21:00:00Reported by f5Type

F5 BIG-IP systems 12.1.0 - 12.1.2, malicious requests to virtual servers with HTTP profile can restart TMM. Issue exposed with APM profiles & non-default "Normalize URI" config in iRules/BIG-IP LTM policies. Attacker disrupts traffic or causes system failover

Reporter	Title	Published	Views	Family All 8
CNVD	Denial of Service Vulnerability in Multiple F5 BIG-IP Products (CNVD-2017-02730)	2 Mar 201700:00	–	cnvd
Cvelist	CVE-2016-9245	7 Mar 201721:00	–	cvelist
EUVD	EUVD-2016-10056	7 Oct 202500:30	–	euvd
F5 Networks	K22216037: TMM vulnerability CVE-2016-9245	21 Feb 202318:14	–	f5
Tenable Nessus	F5 Networks BIG-IP : TMM vulnerability (K22216037)	27 Feb 201700:00	–	nessus
NVD	CVE-2016-9245	7 Mar 201721:59	–	nvd
OpenVAS	F5 BIG-IP - TMM vulnerability CVE-2016-9245	9 Mar 201700:00	–	openvas
Prion	Information disclosure	7 Mar 201721:59	–	prion

NVD

Node

f5 big-ip_local_traffic_managerMatch12.1.0

f5 big-ip_local_traffic_managerMatch12.1.1

f5 big-ip_local_traffic_managerMatch12.1.2

Node

f5 big-ip_application_acceleration_managerMatch12.1.0

f5 big-ip_application_acceleration_managerMatch12.1.1

f5 big-ip_application_acceleration_managerMatch12.1.2

Node

f5 big-ip_advanced_firewall_managerMatch12.1.0

f5 big-ip_advanced_firewall_managerMatch12.1.1

f5 big-ip_advanced_firewall_managerMatch12.1.2

Node

f5 big-ip_analyticsMatch12.1.0

f5 big-ip_analyticsMatch12.1.1

f5 big-ip_analyticsMatch12.1.2

Node

f5 big-ip_access_policy_managerMatch12.1.0

f5 big-ip_access_policy_managerMatch12.1.1

f5 big-ip_access_policy_managerMatch12.1.2

Node

f5 big-ip_application_security_managerMatch12.1.0

f5 big-ip_application_security_managerMatch12.1.1

f5 big-ip_application_security_managerMatch12.1.2

Node

f5 big-ip_domain_name_systemMatch12.1.0

f5 big-ip_domain_name_systemMatch12.1.1

f5 big-ip_domain_name_systemMatch12.1.2

Node

f5 big-ip_link_controllerMatch12.1.0

f5 big-ip_link_controllerMatch12.1.1

f5 big-ip_link_controllerMatch12.1.2

Node

f5 big-ip_policy_enforcement_managerMatch12.1.0

f5 big-ip_policy_enforcement_managerMatch12.1.1

f5 big-ip_policy_enforcement_managerMatch12.1.2

Node

f5 big-ip_websafeMatch12.1.0

f5 big-ip_websafeMatch12.1.1

f5 big-ip_websafeMatch12.1.2

[
  {
    "product": "F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, WebSafe",
    "vendor": "F5 Networks",
    "versions": [
      {
        "status": "affected",
        "version": "12.1.0 - 12.1.2"
      }
    ]
  }
]

Source	Link
securityfocus	www.securityfocus.com/bid/96471
securitytracker	www.securitytracker.com/id/1037964
support	www.support.f5.com/csp/article/K22216037

13 May 2026 00:24Current

5.8Medium risk

Vulners AI Score5.8

CVSS 24.3

CVSS 35.9

EPSS0.00655

CWE-284

f5 big-ip systems security vulnerability cve-2016-9245 http apm irules ltm tmm traffic disruption failover