
58 matches found

F5 Networks
added 2023/02/21 7:59 p.m. · 30 views

K95434410: TMM vulnerability CVE-2019-6629

Security Advisory Description: Undisclosed SSL traffic to a virtual server configured with a Client SSL profile may cause TMM to fail and restart. The Client SSL profile must have session tickets enabled and use DHE cipher suites to be affected. This only impacts the data plane, there is no impact...

CVSS 7.5 · AI score 7.5 · EPSS 0.01309
Exploits 0
F5 Networks
added 2023/02/21 7:26 p.m. · 36 views

K23284054: The BIG-IP SMTPS virtual server may fail to properly restrict I/O buffering, allowing attackers to insert commands into encrypted SMTP sessions

Security Advisory Description: This issue occurs when the following condition is met: A virtual server is configured with a Client SSL profile and an SMTPS profile that has the STARTTLS Activation Mode setting enabled (Allow or Require) for processing SMTPS traffic. Impact: When system receives these SMTP...

AI score 7
Exploits 0
F5 Networks
added 2023/02/21 6:48 p.m. · 33 views

K21154730: TMM SSL/TLS profile vulnerability CVE-2017-6141

Security Advisory Description: Certain values in a TLS abbreviated handshake when using a client SSL profile with the Session Ticket option enabled may cause disruption of service to the Traffic Management Microkernel (TMM). The Session Ticket option is disabled by default. CVE-2017-6141. Impact: The...

CVSS 5.9 · AI score 5.8 · EPSS 0.01065
Exploits 0 · Affected Software 8
F5 Networks
added 2023/02/21 6:35 p.m. · 370 views

K21905460: BIG-IP SSL vulnerability CVE-2017-6168

Security Advisory Description: On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2), or 13.0.0-13.0.0 HF2 (fixed in 13.0.0 HF3) a virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack, AKA Bleichenbacher...

CVSS 7.4 · AI score 7.1 · EPSS 0.21552
Exploits 1 · Affected Software 9
F5 Networks
added 2023/02/21 6:15 p.m. · 152 views

K16674: TLS vulnerability CVE-2015-4000

Security Advisory Description: The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE...

CVSS 4.3 · AI score 6.8 · EPSS 0.9986
Exploits 1 · Affected Software 16
F5 Networks
added 2023/02/21 6:3 p.m. · 17 views

K21942600: A virtual server with a Client SSL profile may accept non-SSL traffic

Security Advisory Description: A Client SSL profile using a cipher group and an option that modifies supported ciphers (for example, no-dtls or no-ssl) accepts plain text connections, in addition to correctly handling SSL traffic. This issue occurs when all of the following conditions are met: A...

AI score 6.8
Exploits 0
SUSE CVE
added 2023/02/15 5:26 a.m. · 4 views

SUSE CVE-2014-6494

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6496...

CVSS 4.3 · AI score 6.3 · EPSS 0.04847
Exploits 0 · References 7
OSV
added 2022/08/04 6:15 p.m. · 1 view

CVE-2022-32455

In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when a BIG-IP LTM Client SSL profile is configured on a virtual server to perform client certificate authentication with session tickets enabled, undisclosed requests cause the...

CVSS 7.5 · AI score 7.1
Exploits 0 · References 1
NVD
added 2022/08/04 6:15 p.m. · 21 views

CVE-2022-32455

In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when a BIG-IP LTM Client SSL profile is configured on a virtual server to perform client certificate authentication with session tickets enabled, undisclosed requests cause the...

CVSS 7.5 · EPSS 0.00444
Exploits 0 · References 1
CVE
added 2022/08/04 5:46 p.m. · 110 views

CVE-2022-32455

CVE-2022-32455 affects F5 BIG-IP TMM when an LTM Client SSL profile on a virtual server uses client certificate authentication with session tickets enabled. Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate, resulting in a DoS as the TMM restarts. Affected branch...

CVSS 7.5 · AI score 7.7 · EPSS 0.00444
Exploits 0 · References 1 · Affected Software 11
CNNVD
added 2022/08/03 12:0 a.m. · 5 views

F5 BIG-IP buffer error vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A denial of service vulnerability exists in the F5 BIG-IP TMM ClientSSL profile, which stems from the vulnerability when the...

CVSS 7.5 · AI score 5.8 · EPSS 0.00444
Exploits 0 · References 4
Tenable Nessus
added 2022/08/03 12:0 a.m. · 37 views

F5 Networks BIG-IP : TMM vulnerability (K16852653)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5 / 15.1.6.1 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K16852653 advisory. - In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and a...

CVSS 7.5 · AI score 7.4 · EPSS 0.00444
Exploits 0 · References 2
Tenable Nessus
added 2020/10/29 12:0 a.m. · 47 views

F5 Networks BIG-IP : BIG-IP Client SSL Security Advisory (K44020030)

The Traffic Management Microkernel (TMM) process may consume excessive resources when processing SSL traffic and client authentication are enabled on the client SSL profile. Impact: TMM memory may eventually become exhausted and may result in the system producing a core file. The BIG-IP system may...

CVSS 7.5 · AI score 7.3 · EPSS 0.0109
Exploits 0 · References 2
Positive Technologies
added 2020/09/25 12:0 a.m. · 11 views

PT-2020-18827 · F5 · F5 Big-Ip

Name of the Vulnerable Software and Affected Versions: F5 BIG-IP versions 11.6.1 through 11.6.2; F5 BIG-IP versions 12.1.0 through 12.1.2 HF1; F5 BIG-IP versions 13.0.0 through 13.0.0 HF2. Description: The issue affects F5 BIG-IP platforms with Cavium Nitrox SSL hardware acceleration cards, where a...

CVSS 5.9 · AI score 5.6 · EPSS 0.01206
Exploits 0 · References 3
Citrix
added 2020/07/08 12:0 a.m. · 8 views

Citrix Client SSL Error Codes

This article provides information on Citrix Client SSL Error Codes. To assist with troubleshooting, Citrix Technical Support has compiled a list of generic SSL error codes that the Citrix client might present the user or write in the Event log when an error occurs. Important! This article is...

AI score 7.5
Exploits 0
OSV
added 2019/07/03 6:15 p.m. · 5 views

CVE-2019-6629

On BIG-IP 14.1.0-14.1.0.5, undisclosed SSL traffic to a virtual server configured with a Client SSL profile may cause TMM to fail and restart. The Client SSL profile must have session tickets enabled and use DHE cipher suites to be affected. This only impacts the data plane, there is no impact to...

CVSS 7.5 · AI score 7.1 · EPSS 0.01309
Exploits 0 · References 2
Prion
added 2019/07/03 6:15 p.m. · 20 views

Code injection

On BIG-IP 14.1.0-14.1.0.5, undisclosed SSL traffic to a virtual server configured with a Client SSL profile may cause TMM to fail and restart. The Client SSL profile must have session tickets enabled and use DHE cipher suites to be affected. This only impacts the data plane, there is no impact to...

CVSS 4.3 · AI score 7.5 · EPSS 0.01309
Exploits 0 · References 2 · Affected Software 13
CVE
added 2019/07/03 5:50 p.m. · 79 views

CVE-2019-6629

CVE-2019-6629 affects F5 BIG-IP 14.1.0 (14.1.0 to 14.1.0.5) where undisclosed SSL traffic to a virtual server with a Client SSL profile using session tickets and DHE cipher suites can cause the Traffic Management Microkernel (TMM) to fail and restart. The impact is limited to the data plane; the ...

CVSS 7.5 · AI score 7.4 · EPSS 0.01309
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2019/07/03 5:50 p.m. · 27 views

CVE-2019-6629

On BIG-IP 14.1.0-14.1.0.5, undisclosed SSL traffic to a virtual server configured with a Client SSL profile may cause TMM to fail and restart. The Client SSL profile must have session tickets enabled and use DHE cipher suites to be affected. This only impacts the data plane, there is no impact to...

AI score 7.5 · EPSS 0.01309
Exploits 0 · References 2
Prion
added 2019/02/26 3:29 p.m. · 21 views

Code injection

On BIG-IP 11.5.1-11.5.4, 11.6.1, and 12.1.0, a virtual server configured with a Client SSL profile may be vulnerable to a chosen ciphertext attack against CBC ciphers. When exploited, this may result in plaintext recovery of encrypted messages through a man-in-the-middle (MITM) attack, despite the...

CVSS 4.3 · AI score 5.6 · EPSS 0.00653
Exploits 0 · References 1 · Affected Software 12