K87416818: TMM vulnerability CVE-2016-7476

Security Advisory Description The Traffic Management Microkernel TMM may suffer from a memory leak while handling certain types of TCP traffic. CVE-2016-7476 Impact Remote attackers may cause a denial of service DoS by way of a crafted TCP packet. Security Advisory Status F5 Product Development h...

K02333782: BIG-IP HTTP/2 vulnerability CVE-2021-22999

Security Advisory Description The BIG-IP system provides an option to connect HTTP/2 clients to HTTP/1.x servers. When a client is slow to accept responses and it closes a connection prematurely, the BIG-IP system may indefinitely retain some streams unclosed. CVE-2021-22999 Impact A remote...

K19430431: TMM vulnerability CVE-2017-6160

Security Advisory Description A remote attacker may create maliciously crafted HTTP request to cause Traffic Management Microkernel TMM to restart and temporarily fail to process traffic. This issue is exposed on virtual servers using a Policy Enforcement profile or a Web Acceleration profile...

K94563344: HTTP/2 ALPN vulnerability CVE-2019-6619

Security Advisory Description The Traffic Management Microkernel TMM may restart when a virtual server has an HTTP/2 profile with Application Layer Protocol Negotiation ALPN enabled and it processes traffic where the ALPN extension size is zero. CVE-2019-6619 Impact BIG-IP The Traffic Management...

K46940010: TMM vulnerability CVE-2018-5513

Security Advisory Description A malformed Transport Layer Security TLS handshake causes the Traffic Management Microkernel TMM to stop responding, leading to a disruption of service. This issue is only exposed on the data plane when a Proxy SSL configuration is enabled. The control plane is not...

K05300051: TMM SCTP vulnerability CVE-2021-23013

Security Advisory Description The Traffic Management Microkernel TMM may stop responding when processing Stream Control Transmission Protocol SCTP traffic under certain conditions. This vulnerability affects TMM by way of a virtual server configured with an SCTP profile. CVE-2021-23013 Impact...

K26464312: TMM SCTP vulnerability CVE-2020-5918

Security Advisory Description The Traffic Management Microkernel TMM may stop responding when processing Stream Control Transmission Protocol SCTP traffic when traffic volume is high. This vulnerability affects TMM by way of a virtual server configured with an SCTP profile. CVE-2020-5918 Impact...

K94105051: TMM vulnerability CVE-2018-5537

Security Advisory Description A remote attacker may be able to disrupt services on the BIG-IP if the TMM virtual server is configured with a HTML or a Rewrite profile. TMM may restart while processing some specially prepared HTML content from the back end. CVE-2018-5537 Impact The BIG-IP system m...

K77671456: BIG-IP TMM vulnerability CVE-2018-5510

Security Advisory Description The Traffic Management Microkernel TMM may restart when processing a specific sequence of packets on IPv6 virtual servers. CVE-2018-5510 Note : This vulnerability does not affect IPv4 virtual servers. Impact The Traffic Management Microkernel TMM generates a core fil...

K17155: TMM vulnerability CVE-2015-4638

Security Advisory Description The Traffic Management Microkernel TMM may restart and produce a core file when a FastL4 virtual server processes a fragmented packet. CVE-2015-4638 Impact The Traffic Management Microkernel TMM may restart and temporarily fail to process traffic. Security Advisory...

CVE-2023-22842

On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software...

CVE-2023-22341

On version 14.1.x before 14.1.5.3, and all versions of 13.1.x, when the BIG-IP APM system is configured with all the following elements, undisclosed requests may cause the Traffic Management Microkernel TMM to terminate: An OAuth Server that references an OAuth Provider An OAuth profile with the...

CVE-2023-23555

On BIG-IP Virtual Edition versions 15.1x beginning in 15.1.4 to before 15.1.8 and 14.1.x beginning in 14.1.5 to before 14.1.5.3, and BIG-IP SPK beginning in 1.5.0 to before 1.6.0, when FastL4 profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkern...

CVE-2023-22422

On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, when a HTTP profile with the non-default Enforcement options of Enforce HTTP Compliance and Unknown Methods: Reject are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to...

CVE-2023-22839

On BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all version of 13.1.x, when a DNS profile with the Rapid Response Mode setting enabled is configured on a virtual server with hardware SYN cookies enabled, undisclosed requests...

CVE-2023-22281

On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP AFM NAT policy with a destination NAT rule is configured on a FastL4 virtual server, undisclosed traffic can cause the Traffic Management Microkernel...

CVE-2023-23555 BIG-IP Virtual Edition vulnerability

On BIG-IP Virtual Edition versions 15.1x beginning in 15.1.4 to before 15.1.8 and 14.1.x beginning in 14.1.5 to before 14.1.5.3, and BIG-IP SPK beginning in 1.5.0 to before 1.6.0, when FastL4 profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkern...

CVE-2023-23555 BIG-IP Virtual Edition vulnerability

On BIG-IP Virtual Edition versions 15.1x beginning in 15.1.4 to before 15.1.8 and 14.1.x beginning in 14.1.5 to before 14.1.5.3, and BIG-IP SPK beginning in 1.5.0 to before 1.6.0, when FastL4 profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkern...

CVE-2023-22842 BIG-IP SIP profile vulnerability

On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software...

CVE-2023-22842 BIG-IP SIP profile vulnerability

On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software...