11 matches found
CVE-2021-22990
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, on systems with Advanced WAF or BIG-IP ASM provisioned, the Traffic Management User Interface TMUI, also referred to as the...
CVE-2025-61935
CVE-2025-61935 affects BIG-IP Advanced WAF/ASM (bd process). Undisclosed requests can terminate the bd process, causing DoS-like disruption on BIG-IP data plane. Vulnerable when running BIG-IP Next/16.x? and 15.x ranges as listed (e.g., 17.5.0; 17.1.0–17.1.2; 15.1.0–15.1.10). Fixed in 17.5.1, 17....
EUVD-2021-10147
Malware in sbrugna...
CVE-2021-23028
On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, and 13.1.x before 13.1.4, when JSON content profiles are configured for URLs as part of an F5 Advanced Web Application Firewall WAF/BIG-IP ASM security policy and applied to a virtual server, undisclosed requests m...
CVE-2021-23029
On version 16.0.x before 16.0.1.2, insufficient permission checks may allow authenticated users with guest privileges to perform Server-Side Request Forgery SSRF attacks through F5 Advanced Web Application Firewall WAF and the BIG-IP ASM Configuration utility. Note: Software versions which have...
K30911244: Advanced WAF, BIG-IP ASM, and NGINX App Protect attack signature check failure
Security Advisory Description The F5 Advanced Web Application Firewall Advanced WAF, BIG-IP ASM, and NGINX App Protect attack signature check may fail to detect and block certain HTTP requests when some signatures are disabled on the security policy and wildcard header. Impact The attack signatur...
K41503304: Advanced WAF, BIG-IP ASM, and NGINX App Protect attack signature bypass security exposure
Security Advisory Description The F5 Advanced Web Application Firewall Advanced WAF, BIG-IP ASM, and NGINX App Protect systems attack signature check may fail to match attack signature 200000128, as expected, for certain undisclosed requests. This issue occurs when all of the following conditions...
F5 BIG-IP 资源管理错误漏洞
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A denial of service vulnerability exists in F5 BIG-IP AWAF and ASM, where when a BIG-IP Advanced WAF or BIG-IP ASM security...
CVE-2022-23026
On BIG-IP ASM & Advanced WAF version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, an authenticated user with low privileges, such as a guest, can upload data using an undisclosed REST endpoint causing an increase in disk resource...
CVE-2022-23026
On BIG-IP ASM & Advanced WAF version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, an authenticated user with low privileges, such as a guest, can upload data using an undisclosed REST endpoint causing an increase in disk resource...
CVE-2021-23028
Summary: CVE-2021-23028 affects F5 BIG-IP Advanced WAF and ASM. When JSON content profiles are configured for URLs in an AWAF/ASM security policy and applied to a virtual server, undisclosed requests can cause the BIG-IP ASM bd process to terminate, resulting in a denial of service to the data pl...