
175 matches found

Vulnrichment
added 2025/08/13 2:46 p.m. · 2 views

CVE-2025-52585 BIG-IP Client SSL profile vulnerability

When a BIG-IP LTM Client SSL profile is configured on a virtual server with SSL Forward Proxy enabled and Anonymous Diffie-Hellman (ADH) ciphers enabled, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical...

CVSS 8.7 · AI score 7 · EPSS 0.00183
Exploits: 0 · References: 1

Positive Technologies
added 2025/08/13 12:0 a.m. · 1 views

PT-2025-33003 · F5 · F5 Big-Ip Ltm

Name of the Vulnerable Software and Affected Versions: F5 BIG-IP LTM (affected versions not specified). Description: When a BIG-IP LTM Client SSL profile is configured on a virtual server with SSL Forward Proxy enabled and Anonymous Diffie-Hellman (ADH) ciphers enabled, undisclosed requests can cause...

CVSS 8.7 · AI score 6 · EPSS 0.00183
Exploits: 0 · References: 5

RedhatCVE
added 2025/05/22 8:46 a.m. · 3 views

CVE-2019-6627

On F5 SSL Orchestrator 14.1.0-14.1.0.5, on rare occasions, specific to a certain race condition, TMM may restart when SSL Forward Proxy enforces the bypass action for an SSL Orchestrator transparent virtual server with SNAT enabled...

CVSS 5.9 · AI score 6.9 · EPSS 0.00501
Exploits: 0 · References: 1

OSV
added 2024/05/01 6:14 a.m. · 2 views

CVE-2024-32017 Buffer overflows in RIOT

RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. The size check in the gcoap_dns_server_proxy_get function contains a small typo that may lead to a buffer overflow in the subsequent strcpy. In detail, t...

CVSS 9.8 · AI score 8.1 · EPSS 0.01624
Exploits: 2 · References: 7

ATTACKERKB
added 2024/04/10 5:15 p.m. · 2 views

CVE-2024-3382

A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing traffic. This issue applies only to PA-5400 Series devices that are running PAN-OS software with the SS...

CVSS 7.5 · AI score 7.1 · EPSS 0.00449
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2024/04/10 5:15 p.m. · 1 views

CVE-2024-3382

A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing traffic. This issue applies only to PA-5400 Series devices that are running PAN-OS software with the SS...

CVSS 7.5 · AI score 5.8 · EPSS 0.00449
Exploits: 0 · References: 1

Cvelist
added 2024/04/10 5:5 p.m. · 18 views

CVE-2024-3382 PAN-OS: Firewall Denial of Service (DoS) via a Burst of Crafted Packets

A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing traffic. This issue applies only to PA-5400 Series devices that are running PAN-OS software with the SS...

CVSS 7.5 · AI score 7.6 · EPSS 0.00449
Exploits: 0 · References: 1

CVE
added 2024/04/10 5:5 p.m. · 77 views

CVE-2024-3382

CVE-2024-3382 describes a memory leak in Palo Alto Networks PAN-OS that affects PA-5400 Series devices with SSL Forward Proxy enabled, enabling a remote attacker to send crafted packets that exhaust the firewall’s processing capacity and cause a DoS. The issue is tied to PAN-OS SSL decryption/ Fo...

CVSS 7.5 · AI score 7.3 · EPSS 0.00449
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2024/04/10 5:5 p.m. · 16 views

CVE-2024-3382 PAN-OS: Firewall Denial of Service (DoS) via a Burst of Crafted Packets

A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing traffic. This issue applies only to PA-5400 Series devices that are running PAN-OS software with the SS...

CVSS 7.5 · AI score 6.8 · EPSS 0.00449
Exploits: 0 · References: 1

Tenable Nessus
added 2024/04/10 12:0 a.m. · 36 views

Palo Alto Networks PAN-OS 10.2.x < 10.2.7-h3 / 11.0.x < 11.0.4 / 11.1.x < 11.1.2 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 10.2.x prior to 10.2.7-h3 or 11.0.x prior to 11.0.4 or 11.1.x prior to 11.1.2. It is, therefore, affected by a vulnerability. - A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burs...

CVSS 7.5 · AI score 7.4 · EPSS 0.00449
Exploits: 0 · References: 2

Positive Technologies
added 2024/04/10 12:0 a.m. · 2 views

PT-2024-2903 · Palo Alto Networks · Pan-Os

Name of the Vulnerable Software and Affected Versions: Palo Alto Networks PAN-OS software (affected versions not specified). Description: A memory leak exists in the software that enables an attacker to send a burst of crafted packets through the firewall, eventually preventing it from processing...

CVSS 7.8 · AI score 6.8 · EPSS 0.00449
Exploits: 0 · References: 8

OSV
added 2024/03/06 11:1 a.m. · 9 views

BIT-ENVOY-2020-11767

Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. If there is a TCP connection (negotiated with SNI over HTTPS) to *.example.com, a request for a domain concurrently configured explicitly (e.g., abc.example.com) is sent to the servers listening behind *.example.com. The outcome shoul...

CVSS 3.1 · AI score 3.6 · EPSS 0.00087
Exploits: 1 · References: 5

OSV
added 2024/03/06 10:54 a.m. · 91 views

BIT-APACHE-2021-44224 Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier

A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery)...

CVSS 8.2 · AI score 8.7 · EPSS 0.0925
Exploits: 0 · References: 20

OpenVAS
added 2023/06/22 12:0 a.m. · 25 views

Debian: Security Advisory (DSA-5435-1)

The remote host is missing an update for the Debian...

CVSS 7.5 · AI score 7.6 · EPSS 0.00662
Exploits: 0 · References: 4

Oracle linux
added 2023/04/06 12:0 a.m. · 74 views

httpd and mod_http2 security update

httpd 2.4.53-7.0.1.5 - Replace index.html with Oracle's index page oracle_index.html. 2.4.53-7.5 - Resolves: 2177751 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite and mod_proxy. mod_http2 1.15.19-3.5 - Resolves: 2177751 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite a...

CVSS 9.8 · AI score 9.3 · EPSS 0.67011
Exploits: 5

F5 Networks
added 2023/02/21 8:0 p.m. · 25 views

K43945001: F5 TMM vulnerability CVE-2017-6147

Security Advisory Description An undisclosed type of responses may cause TMM to restart, causing an interruption of service when "SSL Forward Proxy" setting is enabled in both the Client and Server SSL profiles assigned to a BIG-IP Virtual Server. CVE-2017-6147 Impact If the SSL Forward Proxy...

CVSS 5.9 · AI score 5.8 · EPSS 0.00675
Exploits: 0 · Affected Software: 21

F5 Networks
added 2023/02/21 6:54 p.m. · 44 views

K91013510: SSL Forward Proxy vulnerability CVE-2022-23016

Security Advisory Description When BIG-IP SSL Forward Proxy with TLS 1.3 is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. CVE-2022-23016 Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows a...

CVSS 7.5 · AI score 7.4 · EPSS 0.00711
Exploits: 0 · Affected Software: 17

F5 Networks
added 2023/02/21 6:52 p.m. · 32 views

K20134942: SSL Forward Proxy vulnerability CVE-2018-5527

Security Advisory Description A remote attacker using undisclosed methods against virtual servers configured with a Client SSL or Server SSL profile that has the SSL Forward Proxy feature enabled can force the Traffic Management Microkernel (TMM) to leak memory. As a result, system memory usage...

CVSS 7.8 · AI score 7.5 · EPSS 0.00969
Exploits: 0 · Affected Software: 20

F5 Networks
added 2023/02/21 6:49 p.m. · 22 views

K73202036: Configuring SSL Forward Proxy and an OCSP stapling profile may allow a connection to a website with a revoked certificate

Security Advisory Description When you have configured the BIG-IP system for SSL Forward Proxy and have also configured an Online Certificate Status Protocol (OCSP) stapling profile, under certain conditions, the client could connect to a website with a revoked certificate without knowing it, despi...

AI score 6.6
Exploits: 0 · Affected Software: 10

F5 Networks
added 2023/02/21 6:34 p.m. · 20 views

K45325728: SSL forward proxy vulnerability CVE-2018-5533

Security Advisory Description Under certain conditions on F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.5.0-11.5.6, TMM may core while processing SSL forward proxy traffic. CVE-2018-5533 Impact This vulnerability may allow a remote attacker to cause the Traffic Management Microkernel TM...

CVSS 7.5 · AI score 7.6 · EPSS 0.00749
Exploits: 0 · Affected Software: 19