Lucene search
+L

177 matches found

CVE
CVE
added 2024/02/14 4:30 p.m.54 views

CVE-2024-23308

CVE-2024-23308 affects BIG-IP Advanced WAF/ASM: when a policy with a Request Body Handling option is attached to a virtual server, certain requests can trigger a NULL dereference in the BD process, causing DoS by remote unauthenticated access. Impact is Denial of Service to traffic handling (data...

7.5CVSS7.6AI score0.00515EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2024/02/14 4:30 p.m.32 views

CVE-2024-21789 BIG-IP ASM and Advanced WAF vulnerability

When a BIG-IP ASM/Advanced WAF security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

7.5CVSS7.7AI score0.00515EPSS
Exploits0References1
CVE
CVE
added 2024/02/14 4:30 p.m.51 views

CVE-2024-21789

CVE-2024-21789 affects BIG-IP Advanced WAF/ASM; when a security policy is applied on a virtual server, undisclosed requests can cause a memory resource utilization spike, potentially degrading performance. Impact: DoS-like degradation without control plane exposure (data plane issue). Remediation...

7.5CVSS7.6AI score0.00515EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2024/02/14 4:30 p.m.51 views

CVE-2024-21849

CVE-2024-21849 affects BIG-IP with Advanced WAF/ASM configured and a Websockets profile on a virtual server. The underlying issue is that undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate, leading to a DoS condition. The vulnerability is documented as affecting B...

7.5CVSS7.6AI score0.00515EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2024/02/14 4:30 p.m.26 views

CVE-2024-21849 BIG-IP Websockets vulnerability

When an Advanced WAF/ASM security policy and a Websockets profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM process to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

7.5CVSS7.7AI score0.00515EPSS
Exploits0References1
F5 Networks
F5 Networks
added 2024/02/14 1:55 p.m.43 views

K000137334: F5 Application Visibility and Reporting module and BIG-IP Advanced WAF/ASM vulnerability CVE-2024-23805

Security Advisory Description Undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. For the Application Visibility and Reporting module, this may occur when the HTTP Analytics profile with URLs enabled under Collected Entities is configured on a virtual server and th...

7.5CVSS7.6AI score0.00515EPSS
Exploits0Affected Software2
F5 Networks
F5 Networks
added 2024/02/14 1:32 p.m.33 views

K000137416: BIG-IP Advanced WAF and BIG-IP ASM vulnerability CVE-2024-23308

Security Advisory Description When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition results from setting the Request Body Handling option in the Header-Based...

7.5CVSS7.6AI score0.00515EPSS
Exploits0Affected Software2
F5 Networks
F5 Networks
added 2024/02/14 1:26 p.m.36 views

K000135873: BIG-IP Websockets vulnerability CVE-2024-21849

Security Advisory Description When an Advanced WAF/ASM security policy and a Websockets profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM process to terminate. CVE-2024-21849 Impact Traffic is disrupted while the TMM process restarts...

7.5CVSS7.6AI score0.00515EPSS
Exploits0Affected Software2
Positive Technologies
Positive Technologies
added 2024/02/14 12:0 a.m.4 views

PT-2024-19091 · F5 · F5 Big-Ip

Name of the Vulnerable Software and Affected Versions: F5 BIG-IP affected versions not specified Description: When an Advanced WAF/ASM security policy and a Websockets profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM process to...

7.5CVSS6.6AI score0.00515EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/02/14 12:0 a.m.5 views

PT-2024-19799 · F5 · Big-Ip

Name of the Vulnerable Software and Affected Versions: BIG-IP affected versions not specified Description: When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition...

7.5CVSS6.5AI score0.00515EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2024/02/14 12:0 a.m.19 views

F5 Networks BIG-IP : BIG-IP Advanced WAF and BIG-IP ASM vulnerability (K000137416)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K000137416 advisory. - When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server,...

7.5CVSS7.4AI score0.00515EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/02/14 12:0 a.m.25 views

F5 Networks BIG-IP : BIG-IP Advanced WAF and BIG-IP ASM and vulnerability (K000137270)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K000137270 advisory. - When a BIG-IP ASM/Advanced WAF security policy is configured on a virtual server, undisclosed requests can cause an increase...

7.5CVSS7.4AI score0.00515EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/02/14 12:0 a.m.17 views

F5 Networks BIG-IP : BIG-IP Advanced WAF and BIG-IP ASM Configuration utility vulnerability (K000138047)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10 / 16.1.4 / 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K000138047 advisory. A SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration...

3.8CVSS5.5AI score0.00302EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/02/14 12:0 a.m.25 views

F5 Networks BIG-IP : F5 Application Visibility and Reporting module and BIG-IP Advanced WAF/ASM vulnerability (K000137334)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10 / 16.1.4 / 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K000137334 advisory. - Undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. For the Application...

7.5CVSS7.4AI score0.00515EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/02/14 12:0 a.m.20 views

F5 Networks BIG-IP : BIG-IP Websockets vulnerability (K000135873)

The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.4 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K000135873 advisory. - When an Advanced WAF/ASM security policy and a Websockets profile are configured on a virtual server, undisclosed...

7.5CVSS7.4AI score0.00515EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2023/10/10 10:43 a.m.14 views

K000135944: Attack signature check security exposure

Security Advisory Description BIG-IP Advanced WAF, BIG-IP ASM, and NGINX App Protect systems incorrectly handle certain requests. This issue occurs when the following condition is met: BIG-IP Advanced WAF, BIG-IP ASM, and NGINX App Protect handle a crafted request with the parameter value. Impact...

6.7AI score
Exploits0Affected Software3
F5 Networks
F5 Networks
added 2023/02/21 8:2 p.m.260 views

K30425568: Overview of F5 vulnerabilities (October 2022)

Security Advisory Description On October 19, 2022, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associate...

8.8CVSS6.2AI score0.011EPSS
Exploits2
F5 Networks
F5 Networks
added 2023/02/21 7:59 p.m.56 views

K11830089: BIG-IP Advanced WAF and ASM iControl REST vulnerability CVE-2022-41617

Security Advisory Description When the F5 BIG-IP Advanced WAF or BIG-IP ASM module is provisioned, an authenticated remote code execution vulnerability exists in the BIG-IP iControl REST interface. CVE-2022-41617 Impact On systems deployed in Standard or Appliance mode, this vulnerability may all...

7.2CVSS7.4AI score0.011EPSS
Exploits0Affected Software2
F5 Networks
F5 Networks
added 2023/02/21 7:58 p.m.30 views

K06440657: BIG-IP Advanced WAF and ASM iControl REST vulnerability CVE-2021-23001

Security Advisory Description The upload functionality in BIG-IP Advanced WAF and ASM allows an authenticated user to upload files to the BIG-IP system using a call to an undisclosed iControl REST endpoint. CVE-2021-23001 Impact An authenticated malicious user can upload malicious files to use in...

4.3CVSS5.3AI score0.00572EPSS
Exploits0Affected Software2
F5 Networks
F5 Networks
added 2023/02/21 7:58 p.m.34 views

K80945213: BIG-IP ASM and F5 Advanced WAF attack signature check failure security exposure

Security Advisory Description A BIG-IP ASM and F5 Advanced Web Application Firewall Advanced WAF attack signature check may fail to detect and block certain GET requests when cross-site request forgery CSRF protection is enabled. Impact Attackers may be able to bypass BIG-IP ASM and Advanced WAF...

6.5AI score
Exploits0Affected Software2
Rows per page
Query Builder