K14741 : OpenSSH vulnerability CVE-2010-5107

2015-09-1500:00:00

my.f5.com

4.9 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.079 Low

EPSS

Percentile

93.6%

JSON

Security Advisory Description

The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections. (CVE-2010-5107)
Impact
This issue may limit access to SSH services on the affected BIG-IP system.

CPENameOperatorVersion
big-iq centralized managementeq4.6.0
big-iq centralized managementeq5.X.X
big-iq centralized managementeq6.X.X
big-ip afmeq11.3.0
big-ip afmeq11.4.0
big-ip afmeq11.4.1
big-ip afmeq11.5.0
big-ip afmeq11.5.1
big-ip afmeq11.5.2
big-ip afmeq11.5.3

Name	Operator	Version
big-iq centralized management	eq	4.6.0
big-iq centralized management	eq	5.X.X
big-iq centralized management	eq	6.X.X
big-ip afm	eq	11.3.0
big-ip afm	eq	11.4.0
big-ip afm	eq	11.4.1
big-ip afm	eq	11.5.0
big-ip afm	eq	11.5.1
big-ip afm	eq	11.5.2
big-ip afm	eq	11.5.3