EUVD-2020-27085

Malware in sbrugna...

K63312282: BIG-IP LTM HTTP/2 desync attacks: request line injection

Security Advisory Description Multiple desync attacks have been discovered. For more information refer to the following related articles: K27144609: Overview of HTTP/2 desync attacks K30341203: BIG-IP LTM and NGINX are not exposed to certain desync attacks K97045220: BIG-IP LTM HTTP/2 desync...

K52510343: ICMP PMTU messages are forwarded to the server side when the TCP proxy-mss setting is enabled in the associated profile

Security Advisory Description This issue occurs when all of the following conditions are met: Internet Control Message Protocol ICMP path maximum transmission unit PMTU messages are forwarded through the BIG-IP system running on the affected versions. OneConnect or SNAT is configured and actively...

K50375550: A specifically crafted HTTP request may lead the BIG-IP system to pass malformed HTTP requests to a target pool member web server (HTTP Desync Attack)

Security Advisory Description A specifically crafted HTTP request that contains Content-Length and Transfer-Encoding headers may lead the BIG-IP system to pass malformed HTTP requests to a target pool member web server. This issue occurs when the following condition is met: A virtual server...

K97045220: BIG-IP LTM HTTP/2 desync attacks: malicious CRLF placement security exposure

Security Advisory Description Multiple desync attacks have been discovered. For more information refer to the following related articles: K27144609: Overview of HTTP/2 desync attacks K30341203: BIG-IP LTM and NGINX are not exposed to certain desync attacks K63312282: BIG-IP LTM HTTP/2 desync...

CVE-2020-5931

On BIG-IP 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, Virtual servers with a OneConnect profile may incorrectly handle WebSockets related HTTP response headers, causing TMM to restart...

CVE-2020-5931

On BIG-IP 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, Virtual servers with a OneConnect profile may incorrectly handle WebSockets related HTTP response headers, causing TMM to restart...

Open redirect

On BIG-IP 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, Virtual servers with a OneConnect profile may incorrectly handle WebSockets related HTTP response headers, causing TMM to restart...

CVE-2020-5931

On BIG-IP 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, Virtual servers with a OneConnect profile may incorrectly handle WebSockets related HTTP response headers, causing TMM to restart...

CVE-2020-5931

CVE-2020-5931 affects F5 BIG-IP TMM with OneConnect profiles where WebSockets HTTP response headers may be mishandled, causing TMM restart. Affected versions include BIG-IP 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2. Remediation per advisory K25400442 ...