An out-of-bounds memory vulnerability may allow an unauthenticated BIG-IP APM user to cause a denial-of-service (DoS) or possibly perform remote code execution on a BIG-IP system when a remote desktop profile is assigned to a virtual server. (CVE-2015-8098).
For example, a remote desktop profile is assigned to a virtual server when either of the following options is enabled in the virtual server configuration:
CPE | Name | Operator | Version |
---|---|---|---|
f5 websafe | eq | 1.0.0 | |
big-ip afm | eq | 11.3.0 | |
big-ip afm | eq | 11.4.0 | |
big-ip afm | eq | 11.4.1 | |
big-ip afm | eq | 11.5.0 | |
big-ip afm | eq | 11.5.1 | |
big-ip afm | eq | 11.5.10 | |
big-ip afm | eq | 11.5.2 | |
big-ip afm | eq | 11.5.3 | |
big-ip afm | eq | 11.5.4 |