788 matches found
K19784568: TMM vulnerability CVE-2016-5023
Security Advisory Description Virtual servers in F5 BIG-IP systems 11.2.1 HF11 through HF15, 11.4.1 HF4 through HF10, 11.5.3 through 11.5.4, 11.6.0 HF5 through HF7, and 12.0.0, when configured with a TCP profile, allow remote attackers to cause a denial of service Traffic Management Microkernel...
Havoc - Modern and malleable post-exploitation command and control framework
Havoc is a modern and malleable post-exploitation command and control framework, created by @C5pider. Havoc is in an early state of release. Breaking changes may be made to APIs/core structures as the framework matures. Support Consider supporting C5pider on Patreon/Github Sponsors. Additional...
K08402414: BIG-IP ASM and Advanced WAF REST API endpoint vulnerability CVE-2022-23026
Security Advisory Description An authenticated user with low privileges, such as a guest, can upload data using an undisclosed REST endpoint causing an increase in disk resource utilization. CVE-2022-23026 Impact An authenticated user with low privileges, such as a guest, may exploit this...
Vulnerabilities fixed in several F5 products
F5 has fixed several vulnerabilities in BIG-IP and NGINX. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS), manipulation of data, circumvention of security measures, remote code execution...
CVE-2022-41691
When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate...
Code injection
When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate...
Remote code execution
In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when the Advanced WAF / ASM module is provisioned, an authenticated remote code execution vulnerability exists in the BIG-IP iControl REST interface...
CVE-2022-41836 BIG-IP Advanced WAF and ASM bd vulnerability CVE-2022-41836
When an 'Attack Signature False Positive Mode' enabled security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate...
CVE-2022-41691
CVE-2022-41691 – Summary (F5 BIG-IP Advanced WAF/ASM) A vulnerability in BIG-IP Advanced WAF/ASM is triggered when a security policy is applied on a virtual server; undisclosed requests can cause the bd process to terminate, resulting in DoS on the BIG-IP system. The vulnerability is documented b...
CVE-2022-41691 BIG-IP Advanced WAF/ASM bd vulnerability CVE-2022-41691
When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate...
F5 Networks BIG-IP : BIG-IP Advanced WAF and ASM bd vulnerability (K47204506)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.7 / 16.1.3.1 / 17.0.0.1 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K47204506 advisory. - When an 'Attack Signature False Positive Mode' enabled security policy is configured on a...
PT-2022-25987 · F5 · Big-Ip
Name of the Vulnerable Software and Affected Versions: BIG-IP versions 13.1.x through 13.1.5.1; BIG-IP versions 14.1.x through 14.1.5.1; BIG-IP versions 15.1.x through 15.1.6.1; BIG-IP versions 16.1.x through 16.1.3.1. Description: An authenticated remote code execution issue exists in the BIG-IP...
F5 Networks BIG-IP : BIG-IP Advanced WAF and ASM bd vulnerability (K02694732)
The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.2. It is, therefore, affected by a vulnerability as referenced in the K02694732 advisory. - When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause the bd...
new packages: objectweb-asm
An update is available for objectweb-asm. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
CVE-2022-29491
On F5 BIG-IP LTM, Advanced WAF, ASM, or APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a virtual server is configured with HTTP, TCP on one side (client/server), and DTLS on the other...
CVE-2022-26890
On F5 BIG-IP Advanced WAF, ASM, and APM 16.1.x versions prior to 16.1.2.1, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when ASM or Advanced WAF, as well as APM, are configured on a virtual server, the ASM policy is configured with Sessi...
CVE-2022-25946
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker with Administrator role privilege may be able to bypass Applian...
Code injection
On F5 BIG-IP Advanced WAF, ASM, and APM 16.1.x versions prior to 16.1.2.1, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when ASM or Advanced WAF, as well as APM, are configured on a virtual server, the ASM policy is configured with Sessi...
Code injection
On F5 BIG-IP LTM, Advanced WAF, ASM, or APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a virtual server is configured with HTTP, TCP on one side (client/server), and DTLS on the other...