K52167636 : TMM vulnerability CVE-2017-6153

2018-05-3100:00:00

my.f5.com

0.001 Low

EPSS

Percentile

36.1%

JSON

Security Advisory Description

Features in the BIG-IP system that utilize inflate functionality directly, via an iRule, or via the inflate code from PEM module are subjected to a service disruption via a “Zip Bomb” attack. (CVE-2017-6153)

Impact

BIG-IP systems deployed in Forward Proxy mode with the inflate functionality enabled are at greatest risk for this vulnerability. BIG-IP systems that are collecting and manually decompressing data by way of iRules (using HTTP::collect andDECOMPRESS/COMPRESS) have additional risk, as this situation may increase the likelihood of successful exploitation. The control plane is not impacted by this issue; this issue is observed on the data plane.

CPENameOperatorVersion
big-iq centralized managementeq4.6.0
big-iq centralized managementeq5.0.0
big-iq centralized managementeq5.1.0
big-iq centralized managementeq5.2.0
big-iq centralized managementeq5.3.0
big-iq centralized managementeq5.4.0
big-ip afmeq11.5.1
big-ip afmeq11.5.2
big-ip afmeq11.5.3
big-ip afmeq11.5.4

Name	Operator	Version
big-iq centralized management	eq	4.6.0
big-iq centralized management	eq	5.0.0
big-iq centralized management	eq	5.1.0
big-iq centralized management	eq	5.2.0
big-iq centralized management	eq	5.3.0
big-iq centralized management	eq	5.4.0
big-ip afm	eq	11.5.1
big-ip afm	eq	11.5.2
big-ip afm	eq	11.5.3
big-ip afm	eq	11.5.4

Rows per page:

1-10 of 1951

0.001 Low

EPSS

Percentile

36.1%

JSON

Related for F5:K52167636