Lucene search

[email protected]CVE-2017-0302

HistoryMay 09, 2017 - 3:29 p.m.

CVE-2017-0302

2017-05-0915:29:00

CWE-118

[email protected]

web.nvd.nist.gov

cve-2017-0302

big-ip

apm

security vulnerability

nvd

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.6%

JSON

In F5 BIG-IP APM 12.0.0 through 12.1.2 and 13.0.0, an authenticated user with an established access session to the BIG-IP APM system may be able to cause a traffic disruption if the length of the requested URL is less than 16 characters.

Affected configurations

NVD

Node

f5big-ip_access_policy_managerMatch12.0.0

f5big-ip_access_policy_managerMatch12.1.0

f5big-ip_access_policy_managerMatch12.1.1

f5big-ip_access_policy_managerMatch12.1.2

f5big-ip_access_policy_managerMatch13.0.0

CPENameOperatorVersion
f5:big-ip_access_policy_managerf5 big-ip access policy managereq12.0.0
f5:big-ip_access_policy_managerf5 big-ip access policy managereq12.1.0
f5:big-ip_access_policy_managerf5 big-ip access policy managereq12.1.1
f5:big-ip_access_policy_managerf5 big-ip access policy managereq12.1.2
f5:big-ip_access_policy_managerf5 big-ip access policy managereq13.0.0

CPE	Name	Operator	Version
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	eq	12.0.0
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	eq	12.1.0
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	eq	12.1.1
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	eq	12.1.2
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	eq	13.0.0

CNA Affected

[
  {
    "product": "BIG-IP APM",
    "vendor": "F5 Networks, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "13.0.0"
      },
      {
        "status": "affected",
        "version": "12.0.0 - 12.1.2"
      }
    ]
  }
]

References

www.securitytracker.com/id/1038408

support.f5.com/csp/article/K87141725

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.6%

JSON

Related for CVE-2017-0302

openvas1 cvelist1 nessus1 prion1 f51 nvd1