Lucene search

[email protected]CVE-2017-6169

HistoryFeb 06, 2018 - 1:29 p.m.

CVE-2017-6169

2018-02-0613:29:00

CWE-20

[email protected]

web.nvd.nist.gov

big-ip

virtual server

core file

malformed urls

categorization

cve-2017-6169

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.2%

JSON

In versions 13.0.0, 12.0.0-12.1.3, or 11.6.0-11.6.2, an F5 BIG-IP virtual server using the URL categorization feature may cause the Traffic Management Microkernel (TMM) to produce a core file when it receives malformed URLs during categorization.

Affected configurations

NVD

Node

f5big-ip_policy_enforcement_managerMatch11.6.0

f5big-ip_policy_enforcement_managerMatch11.6.1

f5big-ip_policy_enforcement_managerMatch11.6.2

f5big-ip_policy_enforcement_managerMatch12.0.0

f5big-ip_policy_enforcement_managerMatch12.1.0

f5big-ip_policy_enforcement_managerMatch12.1.1

f5big-ip_policy_enforcement_managerMatch12.1.2

f5big-ip_policy_enforcement_managerMatch12.1.3

f5big-ip_policy_enforcement_managerMatch13.0.0

CPENameOperatorVersion
f5:big-ip_policy_enforcement_managerf5 big-ip policy enforcement managereq11.6.0
f5:big-ip_policy_enforcement_managerf5 big-ip policy enforcement managereq11.6.1
f5:big-ip_policy_enforcement_managerf5 big-ip policy enforcement managereq11.6.2
f5:big-ip_policy_enforcement_managerf5 big-ip policy enforcement managereq12.0.0
f5:big-ip_policy_enforcement_managerf5 big-ip policy enforcement managereq12.1.0
f5:big-ip_policy_enforcement_managerf5 big-ip policy enforcement managereq12.1.1
f5:big-ip_policy_enforcement_managerf5 big-ip policy enforcement managereq12.1.2
f5:big-ip_policy_enforcement_managerf5 big-ip policy enforcement managereq12.1.3
f5:big-ip_policy_enforcement_managerf5 big-ip policy enforcement managereq13.0.0

CPE	Name	Operator	Version
f5:big-ip_policy_enforcement_manager	f5 big-ip policy enforcement manager	eq	11.6.0
f5:big-ip_policy_enforcement_manager	f5 big-ip policy enforcement manager	eq	11.6.1
f5:big-ip_policy_enforcement_manager	f5 big-ip policy enforcement manager	eq	11.6.2
f5:big-ip_policy_enforcement_manager	f5 big-ip policy enforcement manager	eq	12.0.0
f5:big-ip_policy_enforcement_manager	f5 big-ip policy enforcement manager	eq	12.1.0
f5:big-ip_policy_enforcement_manager	f5 big-ip policy enforcement manager	eq	12.1.1
f5:big-ip_policy_enforcement_manager	f5 big-ip policy enforcement manager	eq	12.1.2
f5:big-ip_policy_enforcement_manager	f5 big-ip policy enforcement manager	eq	12.1.3
f5:big-ip_policy_enforcement_manager	f5 big-ip policy enforcement manager	eq	13.0.0

CNA Affected

[
  {
    "product": "BIG-IP PEM",
    "vendor": "F5 Networks, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "13.0.0"
      },
      {
        "status": "affected",
        "version": "12.0.0-12.1.3"
      },
      {
        "status": "affected",
        "version": "11.6.0-11.6.2"
      }
    ]
  }
]

References

www.securitytracker.com/id/1040332

support.f5.com/csp/article/K31404801

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.2%

JSON

Related for CVE-2017-6169

nessus1 cvelist1 nvd1 prion1 f51