168 matches found
Multiple F5 BIG-IP Products CVE-2019-6671 Memory Leak Denial of Service Vulnerability
Description Multiple F5 BIG-IP Products are prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause a denial of service condition. Technologies Affected F5 BIG-IP AAM 13.1.0 F5 BIG-IP AAM 13.1.3 F5 BIG-IP AAM 14.0.0 F5 BIG-IP AAM 14.0.1 F5 BIG-IP AAM 14.1.0 F5 BIG-IP...
CVE-2019-6609
CVE-2019-6609 affects BIG-IP on iSeries (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) where the secureKeyCapable attribute is not set. This prevents Secure Vault from using F5 hardware support to protect the unit key, causing the unit key ...
F5 BIG-IP Denial of Service Vulnerability (CNVD-2018-17656)
The F5 BIG-IP Edge Gateway serves as an access solution that provides SSL VPN remote access, security, application acceleration and high availability for remote users. A denial of service vulnerability exists in F5 BIG-IP due to an excessive consumption of the target traffic management microkerne...
F5 BIG-IP Denial of Service Vulnerability (CNVD-2018-17654)
The F5 BIG-IP Edge Gateway serves as an access solution that provides SSL VPN remote access, security, application acceleration and high availability for remote users. A denial of service vulnerability exists in F5 BIG-IP versions 13.0.1 and 13.1.0.4 through 13.1.0.7 due to an unspecified flaw in...
CVE-2017-6151
CVE-2017-6151 affects F5 BIG-IP software (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) version 13.0.0 where virtual servers using the HTTP/2 profile may cause disruption of TMM. Root cause: undisclosed requests to HTTP/2-enabled virtua...
PHP vulnerabilities CVE-2017-9226 and CVE-2017-7890
F5 Product Development has evaluated the currently supported releases for potential vulnerability. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the...
Cross site scripting
A stored cross-site scripting XSS vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WOM and WebSafe version 12.0.0 - 12.1.2, 11.4.0 - 11.6.1, and 11.2.1 allows an...
F5 Networks BIG-IP : TMM vulnerability (K82851041)
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, and WebSafe 11.6.1 HF1, 12.0.0 HF3, 12.0.0 HF4, and 12.1.0 through 12.1.2, undisclosed traffic patterns received while software SYN cookie protection is engaged may cause a disrupti...
CVE-2015-8022
CVE-2015-8022 affects multiple F5 BIG-IP products (LTM, Analytics, APM, ASM, GTM, Link Controller; AAM, AFM, PEM; Edge Gateway, WebAccelerator, WOM, PSM) across 11.x releases. The root cause is in the Configuration utility: an Access Policy Manager customization configuration section that allows ...
F5 BIG-IP APM and BIG-IP Edge Gateway Open Redirect Vulnerabilities
F5 BIG-IP APM is a set of solutions that provide secure unified access to business-critical applications and networks; BIG-IP Edge Gateway is a remote access solution. F5 BIG-IP APM and BIG-IP Edge Gateway fail to validate the SSOORIGURI parameter, which allows attackers to construct malicious...
CVE-2016-3687
Open redirect vulnerability in F5 BIG-IP APM 11.2.1, 11.4.x, 11.5.x, and 11.6.x before 11.6.0 HF6 and Edge Gateway 11.2.1, when using multi-domain single sign-on SSO, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in the...
Default configuration
F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP AAM 11.4.x before 11.4.1 build 685-HF10, 11.5....
CVE-2016-2084
CVE-2016-2084 affects F5 BIG-IP and BIG-IQ cloud deployments (AWS, Azure, Verizon) where certificates and keys are not regenerated during deployment, allowing potential disclosure of sensitive data or disruption. The root cause is improper regeneration of certificates/keys when deploying cloud im...
CVE-2016-3686
The Single Sign-On SSO feature in F5 BIG-IP APM 11.x before 11.6.0 HF6 and BIG-IP Edge Gateway 11.0.0 through 11.3.0 might allow remote attackers to obtain sensitive SessionId information by leveraging access to the Location HTTP header in a redirect...
CVE-2016-3686
The CVE-2016-3686 issue affects F5 BIG-IP APM SSO (and BIG-IP Edge Gateway) where Cleartext SessionID can appear in the Location header during redirects. Affected are BIG-IP APM 11.0.0–11.6.0 (HF6 in 11.6.0) and BIG-IP Edge Gateway 11.0.0–11.3.0; other components are listed as affected/not vulner...
CVE-2015-8021
The CVE-2015-8021 entry maps to an actual vulnerability in the BIG-IP Configuration utility where file uploads via uploadImage.php are not properly validated. Affected BIG-IP products (LTM, Analytics, APM, ASM, GTM, Link Controller, PSM, and related modules) running vulnerable 11.x releases are e...
F5 BIG-IP APM and BIG-IP Edge Gateway Unauthorized Access Vulnerability
F5 BIG-IP APM Access Policy Manager and BIG-IP Edge Gateway are both products of F5 USA. BIG-IP APM is a solution that provides secure and unified access to business-critical applications and networks; BIG-IP Edge Gateway is a remote access solution. A security vulnerability exists in F5 BIG-IP A...
Code injection
dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AAM 11.4.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AFM and PEM 11.3.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP DNS 12.0.0 before 12.0.0 HF1, BIG-IP Edge...
F5 Networks BIG-IP : Privilege escalation vulnerability (K75136237)
dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AAM 11.4.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AFM and PEM 11.3.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP DNS 12.0.0 before 12.0.0 HF1, BIG-IP Edge...
CVE-2015-4638
The CVE-2015-4638 issue affects F5 BIG-IP products using FastL4 virtual servers (across BIG-IP LTM/AAM/AFM/Analytics/APM/ASM/GTM/Link Controller/PEM, Edge Gateway, WebAccelerator, WOM, PSM). Root cause: processing of fragmented packets in the FastL4/TMM path can cause the Traffic Management Micro...