May 10, 2016 - 12:00 a.m.

SOL35358312 - TCP vulnerability CVE-2015-8099

2016-05-10 00:00:00
support.f5.com

EPSS: 0.008 (Low), percentile 81.2%

Vulnerability Recommended Actions

If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.

F5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.

Identifying log messages relevant to the vulnerability

The primary means of identifying the vulnerability is by locating the relevant log messages in the /var/log/ltm file. For the HSB lockup to occur, the system must be operating in Syncookie mode. Therefore, you should look for two log messages in close proximity.

  • First, you should see a log message indicating that the Syncookie threshold was exceeded. The message appears similar to the following example:

warning tmm[PID]: 01010038:4: Syncookie threshold 1993 exceeded, virtual = 10.11.12.13:443

Note: The actual threshold value will vary.

  • Second, you should see an HSB lockup message. The message appears similar to the following example:

crit tmm[PID]: 01230111:2: Interface 0.1: HSB DMA lockup on transmitter failure.

Note: The lockup by itself is not necessarily indicative of this vulnerability, as other issues may produce the same log message. However, if both the platform and software version are within the vulnerable set as indicated above, presence of the error messages may indicate exposure to the vulnerability.
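
The correlation described above can be automated. The following Python sketch is an added example, not F5 code: it flags an HSB lockup message that follows a Syncookie threshold message within a time window. The syslog timestamp and hostname prefix, the 10-minute window, the `year` argument and the sample lines are assumptions; the advisory shows only the message bodies and does not define "proximity".

```python
import re
from datetime import datetime, timedelta

# Message IDs taken from the two example log lines in the advisory.
SYNCOOKIE_ID = "01010038"
HSB_LOCKUP_ID = "01230111"

# Assumption: each line has a classic syslog prefix ("May 10 03:14:07 host ...").
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s+\S+\s+"
    r"\w+\s+tmm\d*\[\d+\]:\s+(?P<id>[0-9a-fA-F]{8}):\d+:\s+(?P<msg>.*)$"
)

# Constructed sample input (hostname, PIDs and timestamps are made up).
SAMPLE = """\
May 10 03:14:07 bigip1 warning tmm[12345]: 01010038:4: Syncookie threshold 1993 exceeded, virtual = 10.11.12.13:443
May 10 03:14:09 bigip1 notice logger: unrelated line (constructed)
May 10 03:15:42 bigip1 crit tmm[12345]: 01230111:2: Interface 0.1: HSB DMA lockup on transmitter failure.
May 11 09:00:00 bigip1 crit tmm[12345]: 01230111:2: Interface 0.1: HSB DMA lockup on transmitter failure.
""".splitlines()

def parse(line, year):
    """Return (timestamp, message_id, text) for a tmm line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["id"], m["msg"]

def correlate(lines, window=timedelta(minutes=10), year=2016):
    """Return (syncookie_ts, lockup_ts, lockup_text) for every HSB lockup
    logged within `window` after a Syncookie threshold message."""
    hits, last_syncookie = [], None
    for line in lines:
        rec = parse(line, year)
        if rec is None:
            continue  # not a tmm message in the expected format
        ts, msg_id, msg = rec
        if msg_id == SYNCOOKIE_ID and "Syncookie threshold" in msg:
            last_syncookie = ts
        elif msg_id == HSB_LOCKUP_ID and "HSB DMA lockup" in msg:
            if last_syncookie is not None and timedelta(0) <= ts - last_syncookie <= window:
                hits.append((last_syncookie, ts, msg))
    return hits

if __name__ == "__main__":
    for syn_ts, lock_ts, text in correlate(SAMPLE):
        print(f"Syncookie at {syn_ts}, lockup at {lock_ts}: {text}")
```

A lockup with no preceding Syncookie message, such as the last sample line, is not reported; a reported pair is a reason to check the platform and software version against the vulnerable set, not proof of exposure.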

Mitigating the vulnerability

F5 strongly encourages you to upgrade to a fixed release to mitigate this issue. However, if you are unable to upgrade at this time, contact F5 Technical Support to obtain an iRule mitigation.

Supplemental Information

  • SOL9970: Subscribing to email notifications regarding F5 products
  • SOL9957: Creating a custom RSS feed to view new and updated documents
  • SOL4918: Overview of the F5 critical issue hotfix policy
  • SOL167: Downloading software and firmware from F5
  • SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)
