K61367237 : BIG-IP HTTP/3 QUIC vulnerability CVE-2020-5859

2020-03-2600:00:00

my.f5.com

0.001 Low

EPSS

Percentile

42.6%

JSON

Security Advisory Description

Specially formatted HTTP/3 messages may cause the Traffic Management Microkernel (TMM) to produce a core file. (CVE-2020-5859)

Impact

TMM may restart and temporarily fail to process traffic on BIG-IP hosts with the HTTP/3 QUIC profile configured. High availability (HA) configurations will fail over the the standby host.

Note: Beginning in BIG-IP 15.1.0.1, F5 introduced HTTP/3 and QUIC as an experimental feature. For more information, refer to K60235402: Overview of the BIG-IP HTTP/3 and QUIC profiles. F5 recommends that you test experimental features only in your staging environment and not in production.

CPENameOperatorVersion
big-iq centralized managementeq5.2.0
big-iq centralized managementeq5.3.0
big-iq centralized managementeq5.4.0
big-iq centralized managementeq6.0.0
big-iq centralized managementeq6.0.1
big-iq centralized managementeq6.1.0
big-iq centralized managementeq7.0.0
big-ip afmeq11.5.10
big-ip afmeq11.5.2
big-ip afmeq11.5.3

Name	Operator	Version
big-iq centralized management	eq	5.2.0
big-iq centralized management	eq	5.3.0
big-iq centralized management	eq	5.4.0
big-iq centralized management	eq	6.0.0
big-iq centralized management	eq	6.0.1
big-iq centralized management	eq	6.1.0
big-iq centralized management	eq	7.0.0
big-ip afm	eq	11.5.10
big-ip afm	eq	11.5.2
big-ip afm	eq	11.5.3

Rows per page:

1-10 of 2781

0.001 Low

EPSS

Percentile

42.6%

JSON

Related for F5:K61367237