SOL49820145 - Apache Tomcat vulnerability CVE-2016-8735

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

SOL13167034 - OpenSSL vulnerability CVE-2016-2183

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

K12636: Slowloris denial-of-service attack vulnerability CVE-2007-6750

Security Advisory Description The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service daemon outage via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the modreqtimeout module in versions before 2.2.15. CVE-2007-6750 Impact The Slowlori...

SOL14638 - TLS/SSL RC4 vulnerability CVE-2013-2566

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext. CVE-2013-2566...

K14190: TLS/DTLS 'Lucky 13' vulnerability CVE-2013-0169

Security Advisory Description A vulnerability exists in the TLS and DTLS protocols that may allow an attacker to recover plaintext from TLS/DTLS connections that use CBC-mode encryption. CVE-2013-0169 Note : Stream ciphers, such as RC4, are not vulnerable to this issue. Impact The vulnerability m...

K21350967: OpenSSH vulnerability CVE-2019-6111

Security Advisory Description An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned only directory...

SOL15277 - ICMP vulnerability CVE-1999-0524

Recommended action To mitigate this vulnerability, you can configure an upstream firewall to filter out ICMP type 13 & 14 from affected hosts. Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated...

SOL30518307 - Java commons-collections library vulnerability CVE-2015-4852

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

K30518307: Java commons-collections library vulnerability CVE-2015-4852

Security Advisory Description CVE-2015-4852 Java applications that have an endpoint that accepts serialized Java objects, an attacker can combine serializable collections to create arbitrary remote code execution. Based on the FoxGlove, an attack can be done via RMI or HTTP. The vulnerability is...

K19026212: Apache Log4j2 Remote Code Execution vulnerability CVE-2021-44228

Security Advisory Description Apache Log4j2 2.0-beta9 through 2.15.0 excluding security releases 2.12.2, 2.12.3, and 2.3.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can contro...

K43451236: Apache Struts 2 vulnerability CVE-2017-5638

Security Advisory Description The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted...

K56105136: BIND vulnerability CVE-2022-0396

Security Advisory Description BIND 9.16.11 - 9.16.26, 9.17.0 - 9.18.0 and versions 9.16.11-S1 - 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSEWAIT status for an indefinite period of time, even after the client ha...

K60499474: Apache Struts vulnerability CVE-2018-11776

Security Advisory Description Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when using results with no namespace and in same time, its upper actions have no or wildcard namespace. Same possibility when using url tag which doesn't have value and...

K32171392: Apache Log4j2 vulnerability CVE-2021-45046

Security Advisory Description It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default Pattern...

SOL13400 - SSL 3.0/TLS 1.0 BEAST vulnerability CVE-2011-3389 and TLS protocol vulnerability CVE-2012-1870

If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, the...

K57181937: Multiple Microsoft SMB (Wannacry/Wannacrypt/Petya/Goldeneye) vulnerabilities

Security Advisory Description CVE-2017-0143 The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to...

K16846: IPMI vulnerability CVE-2013-4786

Security Advisory Description The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol RAKP authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC...

K29562170: jQuery vulnerability CVE-2015-9251

Security Advisory Description jQuery before 3.0.0 is vulnerable to Cross-site Scripting XSS attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.CVE-2015-9251 Impact This vulnerability allows a remote attacker to perfo...

K90059138: Oracle WebLogic Deserialization Remote Code Execution CVE-2019-2725

Security Advisory Description Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Web Services. Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via...

SOL13114 - Apache Range header vulnerability - CVE-2011-3192

The byte-range filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial-of-service memory and CPU consumption using a Range header that expresses multiple overlapping ranges. When this vulnerability is exploited, the httpd...

K31333705: BIG-IP APM portal access may potentially leak host name information for back-end servers

Security Advisory Description This issue occurs when all of the following conditions are met: You configure the BIG-IP APM system to provide portal access to back-end resources. Users accessing portal access resources receive redirect responses from the BIG-IP APM system due to DNS resolution...

K24823443: Apache Commons Text vulnerability CVE-2022-42889

Security Advisory Description Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup tha...

K16967: XSS vulnerability in jQuery CVE-2011-4969

Security Advisory Description Cross-site scripting XSS vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag. CVE-2011-4969 Impact There is no impact; F5 products are not affected by this...

SOL16846 - IPMI vulnerability CVE-2013-4786

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

K17452: OpenSSH vulnerabilities CVE-2001-0361, CVE-2001-0572, CVE-2004-2069, CVE-2006-0225, and CVE-2006-0883

Security Advisory Description CVE-2001-0361 Implementations of SSH version 1.5, including 1 OpenSSH up to version 2.3.0, 2 AppGate, and 3 ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS1 version...

K15278: SSL renegotiation vulnerability CVE-2011-1473

Security Advisory Description DISPUTED OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service CPU consumption by performing many...

K15780: OpenSSH vulnerabilities CVE-2014-2532 and CVE-2014-2653

Security Advisory Description CVE-2014-2653 The verifyhostkey function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate. CVE-2014-2532 sshd in OpenSSH before 6.6 does not...

K75408500: PHP FPM vulnerability CVE-2019-11043

Security Advisory Description In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of...

SOL14609 - OpenSSH vulnerability CVE-2008-5161

Vulnerability Recommended Actions To eliminate this vulnerability, upgrade to a version that is listed in the Versions known to be not vulnerable column in the previous table. Note: BIG-IP and Enterprise Manager systems running fixed versions can be affected when an older OpenSSH client connects ...

K02591030: HTTP/2 vulnerabilities CVE-2019-9511, CVE-2019-9513, CVE-2019-9516, and CVE-2019-9517

Security Advisory Description CVE-2019-9511 Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They...

SOL10558632 - Linux privilege-escalation vulnerability (Dirty COW) CVE-2016-5195

Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue hotfix policy...

K16948: Apache Tomcat vulnerability CVE-2007-1858

Security Advisory Description The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other,...

SOL14634 - SSL/TLS BREACH vulnerability CVE-2013-3587

Vulnerability Recommended Actions To mitigate this vulnerability, you can disable HTTP compression, or only enable HTTP compression for static content. For information about configuring HTTP compression, refer to the product guides for your specific product and version. Impact of action: Slower...

K11510688: Spring Framework (Spring4Shell) and Spring Cloud vulnerabilities CVE-2022-22965, CVE-2022-22950, and CVE-2022-22963

Security Advisory Description Spring Framework RCE Spring4Shell: CVE-2022-22965 A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution RCE via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the...

SOL14740 - OpenSSH vulnerability CVE-2011-5000

Recommended action F5 recommends that you only allow SSH access to the administrative port from a secure network. Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of...

SOL68401558 - BIG-IP virtual server TCP sequence numbers vulnerability

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

SOL15313 - Java SE vulnerabilities CVE-2014-0456, CVE-2014-0457, and CVE-2014-2421

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

K84144321: Apache Struts vulnerability CVE-2017-9805

Security Advisory Description The REST Plugin in Apache Struts 2.1.2 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads...

SOL13598 - OpenSSL vulnerability CVE-2012-0884

The implementation of Cryptographic Message Syntax CMS and PKCS 7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data using a Million Message Attack MMA adaptive chosen ciphertext...

K42531048: OpenSSH vulnerability CVE-2019-6110

Security Advisory Description In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server or Man-in-The-Middle attacker can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred. CVE-2019-6110...

SOL18829561 - BIND vulnerability CVE-2016-2776

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

SOL10737 - SSL Renegotiation vulnerability - CVE-2009-3555 / VU#120541

A Man in the Middle attack allows an attacker to inject an arbitrary amount of chosen plain text into the application protocol stream data during a secure session renegotiation that uses SSL version 3.x or TLS version 1.x. This may provide an attacker the ability to perform arbitrary actions on...

K50484570: Linux kernel vulnerability CVE-2019-11810

Security Advisory Description An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasascreateframepool fails in megasasalloccmds in drivers/scsi/megaraid/megaraidsasbase.c. This causes a Denial of Service, related to a use-after-free. CVE-2019-118...

K33721814: PHP vulnerability CVE-2016-6174

Security Advisory Description applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite aka Invision Power Board, IPB, or Power Board before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execute arbitrary code vi...

K11420556: Apache Tomcat vulnerability CVE-2018-8014

Security Advisory Description The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have...

SOL14933 - Apache Struts vulnerability CVE-2013-2251

Recommended action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL15260: Apache Struts vulnerability...

SOL15702 - SSLv3 vulnerability CVE-2014-3566

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

SOL25527955 - SNMP vulnerability CVE-2002-0013

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

K04305530: SCP vulnerability CVE-2020-15778

Security Advisory Description scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers"...

SOL16993 - PHP vulnerabilities CVE-2015-4025 and CVE-2015-4026

Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...