70 matches found
K56676554: BIG-IP HTTP/2 profile vulnerability CVE-2023-22664
Security Advisory Description When a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, undisclosed requests can cause an increase in memory resource utilization. CVE-2023-22664 Impact System performance can degrade until the Traffic Management Microkernel...
F5 BIG-IP AWAF and ASM Denial of Service Vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A denial of service vulnerability exists in F5 BIG-IP AWAF and ASM, where when a BIG-IP Advanced WAF or BIG-IP ASM security...
F5 BIG-IP HTTP/2 profile denial of service vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A denial of service vulnerability exists in the F5 BIG-IP HTTP/2 profile, when enabling the client HTTP/2 profile and HTTP MR...
Design/Logic Flaw
In versions 16.1.x before 16.1.3.2 and 15.1.x before 15.1.5.1, when BIG-IP AFM Network Address Translation policy with IPv6/IPv4 translation rules is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization...
Design/Logic Flaw
In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when a SIP profile is configured on a virtual server, undisclosed messages can cause an increase in memory resource utilization...
Design/Logic Flaw
In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.2, 15.1.x before 15.1.7, 14.1.x before 14.1.5.2, and 13.1.x before 13.1.5.1, when a sideband iRule is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization...
CVE-2022-41770 BIG-IP and BIG-IQ iControl REST vulnerability CVE-2022-41770
In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ all versions of 8.x and 7.x, an authenticated iControl REST user can cause an increase in memory resource utilization, via undisclosed requests...
CVE-2022-41624 BIG-IP iRules vulnerability CVE-2022-41624
In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.2, 15.1.x before 15.1.7, 14.1.x before 14.1.5.2, and 13.1.x before 13.1.5.1, when a sideband iRule is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization...
CVE-2022-41624
CVE-2022-41624 affects BIG-IP iRules vulnerability. When a sideband iRule is configured on a virtual server, undisclosed traffic can cause memory resource utilization to rise, potentially degrading system performance. Affected BIG-IP versions (per advisory K43024307) include: 17.0.x before 17.0.0...
F5 Networks BIG-IP : BIG-IP iRules vulnerability (K43024307)
The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5.1 / 14.1.5.2 / 15.1.7 / 16.1.3.2 / 17.0.0.1 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K43024307 advisory. - In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.2, 15.1....
F5 Networks BIG-IP : BIG-IP AFM NAT64 policy vulnerability (K00721320)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.5.1 / 16.1.3.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K00721320 advisory. - In versions 16.1.x before 16.1.3.2 and 15.1.x before 15.1.5.1, when BIG-IP AFM Network Address...
CVE-2022-33203 BIG-IP APM and F5 SSL Orchestrator vulnerability CVE-2022-33203
In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when a BIG-IP APM access policy with Service Connect agent is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have...
PT-2022-22645 · F5 · Big-Ip
Name of the Vulnerable Software and Affected Versions: BIG-IP versions 14.1.x through 14.1.5 BIG-IP versions 15.1.x through 15.1.6.1 BIG-IP versions 16.1.x through 16.1.2.2 Description: When an HTTP2 profile is configured on a virtual server, undisclosed traffic can cause an increase in memory...
F5 Networks BIG-IP : BIG-IP Message Routing MQTT vulnerability (K28405643)
The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5 / 15.1.6.1 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K28405643 advisory. - In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5,...
F5 Networks BIG-IP : HTTP2 profile vulnerability (K79933541)
The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5 / 15.1.6.1 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K79933541 advisory. - In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5,...
F5 BIG-IP HTTP2 profile denial of service vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A denial of service vulnerability exists in the F5 BIG-IP HTTP2 profile, which stems from the fact that when configuring the...
Default credentials
On F5 BIG-IP 15.1.x versions prior to 15.1.0.2, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when a DNS listener is configured on a virtual server with DNS queueing default, undisclosed requests can cause an increase in memory resource...
CVE-2022-26372
CVE-2022-26372 affects F5 BIG-IP DNS profile: when a DNS listener on a virtual server uses DNS queueing (default), undisclosed requests can cause memory resource utilization to spike, leading to degraded performance or DoS. Affected branches and fixes per VULNERABILITY docs: BIG-IP 15.1.x before ...
CVE-2022-26372
On F5 BIG-IP 15.1.x versions prior to 15.1.0.2, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when a DNS listener is configured on a virtual server with DNS queueing default, undisclosed requests can cause an increase in memory resource...
F5 Networks BIG-IP : DNS profile vulnerability (K23454411)
The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 15.1.0.2 / 16.0.0. It is, therefore, affected by a vulnerability as referenced in the K23454411 advisory. - On F5 BIG-IP 15.1.x versions prior to 15.1.0.2, 14.1.x versions prior to 14.1.4.6, 13.1.x...