Design/Logic Flaw

2018-06-0114:29:00

PRIOn knowledge base

www.prio-n.com

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.1%

JSON

Features in F5 BIG-IP 13.0.0-13.1.0.3, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 system that utilizes inflate functionality directly, via an iRule, or via the inflate code from PEM module are subjected to a service disruption via a “Zip Bomb” attack.

CPENameOperatorVersion
big-ip_access_policy_managereq13.0.0
big-ip_access_policy_managereq11.2.1
big-ip_access_policy_managerge12.1.0
big-ip_access_policy_managerle12.1.3
big-ip_access_policy_managereq13.1.0
big-ip_access_policy_managerge11.5.1
big-ip_access_policy_managerle11.5.5
big-ip_access_policy_managerge11.6.1
big-ip_access_policy_managerle11.6.3
big-ip_advanced_firewall_managereq11.2.1

Name	Operator	Version
big-ip_access_policy_manager	eq	13.0.0
big-ip_access_policy_manager	eq	11.2.1
big-ip_access_policy_manager	ge	12.1.0
big-ip_access_policy_manager	le	12.1.3
big-ip_access_policy_manager	eq	13.1.0
big-ip_access_policy_manager	ge	11.5.1
big-ip_access_policy_manager	le	11.5.5
big-ip_access_policy_manager	ge	11.6.1
big-ip_access_policy_manager	le	11.6.3
big-ip_advanced_firewall_manager	eq	11.2.1