Lucene search
6294 matches found

F5 Networks
• added 2016/04/13 12:00 a.m. • 104 views

SOL91100352 - Mozilla NSS vulnerability CVE-2016-1950

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

8.8 CVSS | 2.4 AI score | 0.04192 EPSS
Exploits 0 | References 4

F5 Networks
• added 2007/09/16 12:00 a.m. • 104 views

SOL7859 - Multiple PHP vulnerabilities

PHP has been cited with multiple vulnerabilities. For information about these vulnerabilities, refer to the National Vulnerabilities Database. Information about these advisories is available at the following locations: CVE-2007-1846 SQL injection vulnerability in index.php in the MyAds 2.04jp and...

7.8 CVSS | 0.5 AI score | 0.40435 EPSS
Exploits 11

F5 Networks
• added 2023/02/21 7:00 p.m. • 103 views

K51975973: Eclipse Jetty vulnerability CVE-2021-34428

Security Advisory Description For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can...

3.6 CVSS | 6.5 AI score | 0.00963 EPSS
Exploits 1 | Affected Software 1

F5 Networks
• added 2023/02/21 6:53 p.m. • 103 views

K46011592: HTTP/2 Empty Frames Flood vulnerability CVE-2019-9518

Security Advisory Description Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or...

7.8 CVSS | 7.9 AI score | 0.24822 EPSS
Exploits 0

F5 Networks
• added 2022/12/29 1:30 a.m. • 103 views

K41440465: BIG-IP TMM vulnerability CVE-2022-26071

Security Advisory Description A flaw in the way reply ICMP packets are limited in the Traffic Management Microkernel (TMM) allows an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. CVE-2022-26071 Impact A...

7.5 CVSS | 7.4 AI score | 0.00981 EPSS
Exploits 0 | Affected Software 15

F5 Networks
• added 2017/12/20 9:45 p.m. • 103 views

Apache vulnerability CVE-2017-6146

F5 Product Development has assigned ID 572272 BIG-IP and ID 663962 Enterprise Manager to this vulnerability. To determine if your product and version have been evaluated for this vulnerability, refer to the Applies to see versions box. To determine if your release is known to be vulnerable, the...

1.5 AI score
Exploits 0

F5 Networks
• added 2014/12/23 12:00 a.m. • 103 views

SOL15935 - NTP vulnerability CVE-2014-9294

Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...

7.5 CVSS | 0.6 AI score | 0.12978 EPSS
Exploits 1 | References 5

F5 Networks
• added 2023/02/21 8:00 p.m. • 102 views

K97120268: Apache Log4j SQL injection vulnerability CVE-2022-23305

Security Advisory Description By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL...

9.8 CVSS | 8.5 AI score | 0.67466 EPSS
Exploits 1 | Affected Software 1

F5 Networks
• added 2023/02/21 7:59 p.m. • 102 views

K17133899: Multiple Treck TCP/IP stack vulnerabilities

Security Advisory Description CVE-2020-11896 The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, related to IPv4 tunneling. CVE-2020-11897 The Treck TCP/IP stack before 5.0.1.35 has an Out-of-Bounds Write via multiple malformed IPv6 packets. CVE-2020-11898 The Treck TCP/IP stack...

10 CVSS | 6.5 AI score | 0.36965 EPSS
Exploits 21

F5 Networks
• added 2023/02/21 7:54 p.m. • 102 views

K27112954: Linux kernel vulnerability CVE-2019-15292

Security Advisory Description An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c. CVE-2019-15292 Impact There is no impact; F5 products are not affected...

10 CVSS | 6 AI score | 0.02588 EPSS
Exploits 1

F5 Networks
• added 2023/02/21 6:46 p.m. • 102 views

K14492558: PHP vulnerability CVE-2021-21708

Security Advisory Description In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result ...

9.8 CVSS | 8 AI score | 0.03002 EPSS
Exploits 1

F5 Networks
• added 2023/02/21 6:34 p.m. • 102 views

K97457339: Linux kernel vulnerabilities CVE-2017-1000370 and CVE-2017-1000371

Security Advisory Description CVE-2017-1000370 The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve()'ed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above...

7.8 CVSS | 6.2 AI score | 0.02428 EPSS
Exploits 9

F5 Networks
• added 2023/02/21 6:34 p.m. • 102 views

K52349521: OpenSSL vulnerability CVE-2016-2842

Security Advisory Description The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or...

10 CVSS | 8.4 AI score | 0.53655 EPSS
Exploits 0

F5 Networks
• added 2023/02/21 6:34 p.m. • 102 views

K72118410: Linux kernel vulnerability CVE-2021-29154

Security Advisory Description BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. CVE-2021-29154 Impact...

7.8 CVSS | 6.8 AI score | 0.00939 EPSS
Exploits 0

F5 Networks
• added 2016/11/04 12:00 a.m. • 102 views

SOL01276005 - OpenSSL vulnerability CVE-2016-2182

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

9.8 CVSS | 2.1 AI score | 0.44218 EPSS
Exploits 1 | References 5

F5 Networks
• added 2016/03/09 12:00 a.m. • 102 views

SOL62012529 - BIND vulnerability CVE-2016-1286

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

8.6 CVSS | 1.3 AI score | 0.74077 EPSS
Exploits 0 | References 4

F5 Networks
• added 2024/03/29 4:55 p.m. • 101 views

K000139092: DNS vulnerability CVE-2023-50387

Security Advisory Description Certain DNSSEC aspects of the DNS protocol in RFC 4033, 4034, 4035, 6840, and related RFCs allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone...

7.5 CVSS | 7.1 AI score | 0.99995 EPSS
Exploits 0

F5 Networks
• added 2023/02/21 6:54 p.m. • 101 views

K64292204: OpenSSH vulnerability CVE-2016-10010

Security Advisory Description sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c. CVE-2016-10010 Impact In the default configuration,...

7 CVSS | 7.9 AI score | 0.0424 EPSS
Exploits 2

F5 Networks
• added 2023/02/21 6:53 p.m. • 101 views

K35453761: cURL and libcurl vulnerability CVE-2017-2628

Security Advisory Description cURL, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVE_GSSAPI define was meanwhile substituted by USE_HTTP_NEGOTIATE. This issue was introduced in RH...

9.8 CVSS | 7.9 AI score | 0.0401 EPSS
Exploits 0 | Affected Software 19

F5 Networks
• added 2023/02/21 6:47 p.m. • 101 views

K31902105: OpenSSH vulnerability CVE-2016-20012

Security Advisory Description DISPUTED OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination...

5.3 CVSS | 6.6 AI score | 0.05039 EPSS
Exploits 1

F5 Networks
• added 2023/02/21 6:07 p.m. • 101 views

K52559937: Overview of NGINX vulnerabilities (May 2021)

Security Advisory Description On May 25, 2021, NGINX announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine the impact to your NGINX systems. The details of each issue can be found in the associated Security Advisory...

7.8 CVSS | 7.1 AI score | 0.52838 EPSS
Exploits 10

F5 Networks
• added 2007/05/16 12:00 a.m. • 101 views

SOL6669 - Apache HTTP Expect header handling

The vulnerability exists in the Apache web server, which is used by FirePass. Apache will not sanitize the contents of the HTTP Expect header when receiving an HTTP request. Instead, the contents of the Expect header will be returned in a successful HTTP response. This permits executable code suc...

4.3 CVSS | 6.3 AI score | 0.93313 EPSS
Exploits 7

F5 Networks
• added 2023/02/21 8:00 p.m. • 100 views

K06372014: PHP vulnerability CVE-2019-9023

Security Advisory Description An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur...

9.8 CVSS | 7.6 AI score | 0.0907 EPSS
Exploits 1

F5 Networks
• added 2023/02/21 7:55 p.m. • 100 views

K88126845: BIG-IP APM web pages may be indexed by search engines

Security Advisory Description This issue occurs when all of the following conditions are met: Users connect to the BIG-IP APM system through the internet. The BIG-IP APM system is reachable by search engines. Impact BIG-IP APM web pages may be enumerated and other data may be disclosed. Symptoms ...

6.6 AI score
Exploits 0

F5 Networks
• added 2023/02/21 7:52 p.m. • 100 views

K05717484: PhpAdmin vulnerability CVE-2005-3299

Security Advisory Description PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array. CVE-2005-3299 Impact There is no impact; F5 products are not...

5 CVSS | 9 AI score | 0.15919 EPSS
Exploits 0

F5 Networks
• added 2023/02/21 6:35 p.m. • 100 views

K02912734: Intel CPU vulnerability CVE-2019-11135

Security Advisory Description TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. CVE-2019-11135 Impact There is no impact; F5 products are not affected by...

6.5 CVSS | 6.9 AI score | 0.03133 EPSS
Exploits 0

F5 Networks
• added 2022/12/16 7:36 p.m. • 100 views

K16847: Apache vulnerabilities CVE-2014-8109, CVE-2014-3581, CVE-2014-3583

Security Advisory Description CVE-2014-8109 mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which...

5 CVSS | 6.2 AI score | 0.22016 EPSS
Exploits 0

F5 Networks
• added 2015/09/08 12:00 a.m. • 100 views

SOL17244 - Linux kernel vulnerability CVE-2015-1593

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. In BIG-IP 10.x, some platforms are running 32-bit Linux kernel and some platforms are running 64-bit, depending on their...

5 CVSS | 0.2 AI score | 0.03742 EPSS
Exploits 1 | References 5

F5 Networks
• added 2023/02/21 6:34 p.m. • 99 views

K62444703: Multiple MySQL vulnerabilities CVE-2022-21455 and CVE-2022-21509

Security Advisory Description CVE-2022-21455 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PAM Auth Plugin. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...

5.5 CVSS | 5.5 AI score | 0.01264 EPSS
Exploits 0

F5 Networks
• added 2023/02/21 6:33 p.m. • 99 views

K01709026: PHP vulnerabilities CVE-2017-7890 and CVE-2017-9226

Security Advisory Description CVE-2017-7890 The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized...

9.8 CVSS | 7 AI score | 0.07511 EPSS
Exploits 1

F5 Networks
• added 2023/02/21 6:30 p.m. • 99 views

K16090: BIG-IP Automatic Update Check and ASM Automatic Signature Update man-in-the-middle vulnerability CVE-2014-9326

Security Advisory Description The automatic signature update functionality in the (1) Phone Home feature in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, GTM, and Link Controller 11.5.0 through 11.6.0, ASM 10.0.0 through 11.6.0, and PEM 11.3.0 through 11.6.0 and the (2) Call Home feature in ASM 10.0.0...

4.3 CVSS | 6.8 AI score | 0.00823 EPSS
Exploits 0 | Affected Software 9

F5 Networks
• added 2023/02/21 6:12 p.m. • 99 views

K7859: Multiple PHP vulnerabilities

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

7.8 CVSS | 8.6 AI score | 0.40435 EPSS
Exploits 11

F5 Networks
• added 2023/01/24 10:01 p.m. • 99 views

K52341555: Samba vulnerability CVE-2022-3592

Security Advisory Description A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix...

6.5 CVSS | 5.8 AI score | 0.02431 EPSS
Exploits 0

F5 Networks
• added 2016/11/10 12:00 a.m. • 99 views

SOL87416818 - TMM vulnerability CVE-2016-7476

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

7.5 CVSS | 2.7 AI score | 0.02432 EPSS
Exploits 0 | References 6

F5 Networks
• added 2005/07/21 12:00 a.m. • 99 views

SOL4616 - BSD telnet environment vulnerability CAN-2005-0488

5 CVSS | 1.5 AI score | 0.16815 EPSS
Exploits 0

F5 Networks
• added 2024/02/17 12:27 a.m. • 98 views

K000138643: OpenSSH vulnerability CVE-2023-51767

Security Advisory Description OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat...

7 CVSS | 7 AI score | 0.00661 EPSS
Exploits 0 | Affected Software 1

F5 Networks
• added 2023/02/21 7:00 p.m. • 98 views

K43429502: OpenSSL RSA key generation vulnerability CVE-2018-0737

Security Advisory Description The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL...

5.9 CVSS | 6.1 AI score | 0.12197 EPSS
Exploits 0

F5 Networks
• added 2023/02/21 6:52 p.m. • 98 views

K53825211: PHP vulnerability CVE-2019-9637

Security Advisory Description An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus...

7.5 CVSS | 7.2 AI score | 0.07151 EPSS
Exploits 0

F5 Networks
• added 2023/02/21 5:34 p.m. • 98 views

K74954302: PHP vulnerability CVE-2016-2554

Security Advisory Description Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive. CVE-2016-2554...

10 CVSS | 9.3 AI score | 0.10997 EPSS
Exploits 1

F5 Networks
• added 2014/12/10 12:00 a.m. • 98 views

SOL15900 - Apache HTTP server vulnerability CVE-2012-3499

Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. To mitigate this...

4.3 CVSS | 0.4 AI score | 0.22913 EPSS
Exploits 2 | References 5

F5 Networks
• added 2023/02/21 7:00 p.m. • 97 views

K58304450: Multiple Intel Processor vulnerabilities: Spectre-NG

Security Advisory Description Eight new vulnerabilities in Intel processors have been mentioned in several sources and are referred to collectively as Spectre-NG. F5 is aware of these vulnerabilities and is investigating as information becomes available. As Intel officially recognizes and announc...

5.6 CVSS | 7.3 AI score | 0.60631 EPSS
Exploits 2

F5 Networks
• added 2023/02/21 6:59 p.m. • 97 views

K32380005: Linux kernel vulnerability CVE-2019-18282

Security Advisory Description The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash instead ...

5.3 CVSS | 6.8 AI score | 0.02605 EPSS
Exploits 0 | Affected Software 16

F5 Networks
• added 2023/02/21 6:54 p.m. • 97 views

K34162192: Apache log4j2 denial-of-service vulnerability CVE-2021-45105

Security Advisory Description Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string...

5.9 CVSS | 7.3 AI score | 0.99999 EPSS
Exploits 20

F5 Networks
• added 2023/02/21 6:52 p.m. • 97 views

K6881: SSHv1 vulnerabilities CVE-2006-4924

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of F5...

7.8 CVSS | 6.8 AI score | 0.33913 EPSS
Exploits 1

F5 Networks
• added 2023/02/21 6:46 p.m. • 97 views

K64709522: Multiple Zip Slip vulnerabilities

Security Advisory Description CVE-2018-1002200 plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...

6.5 CVSS | 5.9 AI score | 0.15359 EPSS
Exploits 8

F5 Networks
• added 2023/02/21 6:33 p.m. • 97 views

K82455382: Apache Tomcat vulnerability CVE-2016-8745

Security Advisory Description A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache...

7.5 CVSS | 7.9 AI score | 0.16038 EPSS
Exploits 0 | Affected Software 1

F5 Networks
• added 2016/07/18 12:00 a.m. • 97 views

SOL71436934 - Apache httpd vulnerability CVE-2016-4979

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

7.5 CVSS | 1.8 AI score | 0.18802 EPSS
Exploits 0 | References 4

F5 Networks
• added 2014/12/11 12:00 a.m. • 97 views

SOL15903 - Multiple PHP vulnerabilities

Recommended action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...

7.5 CVSS | 3.1 AI score | 0.62649 EPSS
Exploits 22 | References 5

F5 Networks
• added 2011/02/22 12:00 a.m. • 97 views

SOL12636 - Slowloris denial-of-service attack vulnerability CVE-2007-6750

Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...

5 CVSS | 0.8 AI score | 0.71634 EPSS
Exploits 1 | References 5

F5 Networks
• added 2024/04/08 3:55 p.m. • 96 views

K000139214: Apache httpd vulnerability CVE-2024-27316

Security Advisory Description HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion. CVE-2024-27316 Impact There is no impact; F5 products ar...

7.5 CVSS | 6.7 AI score | 0.91327 EPSS
Exploits 2

Total number of security vulnerabilities: 5000