F5 Networks BIG-IP : BIG-IP ASM Virtual Edition may run out of memory under certain DoS conditions (K15341)

2014-10-10T00:00:00
ID F5_BIGIP_SOL15341.NASL
Type nessus
Reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2021-01-02T00:00:00

Description

The BIG-IP ASM system limits the maximum number of concurrent requests with large payloads (10,000 bytes or larger) by default to 100, using the max_concurrent_long_request internal parameter. The BIG-IP ASM system drops new requests with large payloads once this limit is reached.The maximum individual request length supported by the system is set by the long_request_buffer_size internal parameter, which defaults to 10 MB. The number of concurrent large requests the system can process is therefore dependent on the available memory in the system's memory pools. The maximum amount of memory available for memory pools for a BIG-IP ASM Virtual Edition (VE) guest provisioned with 4 GB of memory is limited to 700 MB by default.

If BIG-IP ASM VE receives many large requests, it is possible for the system to run out of memory.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from F5 Networks BIG-IP Solution K15341.
#
# The text description of this plugin is (C) F5 Networks.
#

include("compat.inc");

if (description)
{
  script_id(78177);
  script_version("1.5");
  script_cvs_date("Date: 2019/01/04 10:03:40");

  script_name(english:"F5 Networks BIG-IP : BIG-IP ASM Virtual Edition may run out of memory under certain DoS conditions (K15341)");
  script_summary(english:"Checks the BIG-IP version.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote device is missing a vendor-supplied security patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The BIG-IP ASM system limits the maximum number of concurrent requests
with large payloads (10,000 bytes or larger) by default to 100, using
the max_concurrent_long_request internal parameter. The BIG-IP ASM
system drops new requests with large payloads once this limit is
reached.The maximum individual request length supported by the system
is set by the long_request_buffer_size internal parameter, which
defaults to 10 MB. The number of concurrent large requests the system
can process is therefore dependent on the available memory in the
system's memory pools. The maximum amount of memory available for
memory pools for a BIG-IP ASM Virtual Edition (VE) guest provisioned
with 4 GB of memory is limited to 700 MB by default.

If BIG-IP ASM VE receives many large requests, it is possible for the
system to run out of memory."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://support.f5.com/csp/article/K15341"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade to one of the non-vulnerable versions listed in the F5
Solution K15341."
  );
  script_set_attribute(attribute:"risk_factor", value:"High");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/06/17");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/10");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"F5 Networks Local Security Checks");

  script_dependencies("f5_bigip_detect.nbin");
  script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version", "Settings/ParanoidReport");

  exit(0);
}


include("f5_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
version = get_kb_item("Host/BIG-IP/version");
if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP");
if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix");
if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules");

sol = "K15341";
vmatrix = make_array();

if (report_paranoia < 2) audit(AUDIT_PARANOID);

# ASM
vmatrix["ASM"] = make_array();
vmatrix["ASM"]["affected"  ] = make_list("11.2.1-11.5.0");
vmatrix["ASM"]["unaffected"] = make_list("11.5.1","11.5.0HF1","11.4.1HF4","11.4.0HF6","11.3.0HF9","11.2.1HF11","11.0.0-11.2.0","10.0.0-10.2.4");


if (bigip_is_affected(vmatrix:vmatrix, sol:sol))
{
  if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = bigip_get_tested_modules();
  audit_extra = "For BIG-IP module(s) " + tested + ",";
  if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);
  else audit(AUDIT_HOST_NOT, "running the affected module ASM");
}