K000139214: Apache httpd vulnerability CVE-2024-27316

Security Advisory Description HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion. CVE-2024-27316 Impact There is no impact; F5 products ar...

K80440915: Linux kernel vulnerability CVE-2017-7889

Security Advisory Description The mm subsystem in the Linux kernel through 4.10.10 does not properly enforce the CONFIGSTRICTDEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte and bypass slab-allocation access restrictions via a...

K8072: Obtaining uptime information from TCP timestamps

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

K32034450: Linux kernel vulnerability CVE-2019-15926

Security Advisory Description An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6klwmipstreamtimeouteventrx and ath6klwmicaceventrx in the file drivers/net/wireless/ath/ath6kl/wmi.c. CVE-2019-15926 Impact There is no impact; F5 products are...

K01869532: Eclipse Jetty vulnerability CVE-2019-10241

Security Advisory Description In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of...

K45625134: Apache Subversion vulnerability CVE-2017-9800

Security Advisory Description A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a...

SOL77535578 - Multiple Java SE client-side vulnerabilities

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

SOL10772 - Linux NULL pointer dereference vulnerability - CVE-2009-2692

Information about this advisory is available at the following location: Note: As a result of a typo, this advisory was also referred to as CVE-2009-2962. Be advised that CVE-2009-2962 was removed as a duplicate of CVE-2009-2692. For information, refer to https://vulners.com/cve/CVE-2009-2962. Th...

K15338344: Eclipse Jetty vulnerability CVE-2021-28165

Security Advisory Description In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. CVE-2021-28165 Impact Affected systems may experience resource exhaustion when receiving an invalid large TLS...

K13237658: tcpdump vulnerability CVE-2017-11541

Security Advisory Description tcpdump 4.9.0 has a heap-based buffer over-read in the lldpprint function in print-lldp.c, related to util-print.c.CVE-2017-11541 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has...

SOL31026324 - Linux kernel vulnerabilities CVE-2015-2925, CVE-2015-5307, and CVE-2015-8104

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

SOL15865 - Apache HTTP server vulnerability CVE-2012-4558

Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. To mitigate this...

K55834441: Netty vulnerability CVE-2021-21295

Security Advisory Description Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty io.netty:netty-codec-http2 before version 4.1.60.Final there is a vulnerability that enables...

K16954: Multiple PHP CDF vulnerabilities CVE-2014-0237 and CVE-2014-0238

Security Advisory Description CVE-2014-0237 The cdfunpacksummaryinfo function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service performance degradation by triggering many fileprintf calls. CVE-2014-0238 The...

K21914362: Linux kernel vulnerability CVE-2013-7470

Security Advisory Description cipsov4validate in include/net/cipsoipv4.h in the Linux kernel before 3.11.7, when CONFIGNETLABEL is disabled, allows attackers to cause a denial of service infinite loop and crash, as demonstrated by icmpsic, a different vulnerability than CVE-2013-0310. CVE-2013-74...

K54624443: Apache HTTPD vulnerability CVE-2017-7668

Security Advisory Description The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows apfindtoken to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to caus...

K42323475: Linux kernel vulnerability CVE-2021-3444

Security Advisory Description The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to...

K25423771: Linux kernel vulnerability CVE-2018-18021

Security Advisory Description arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVMSETONREG ioctl. This is exploitable by attackers who can create virtual machines. An attacker can arbitrarily redirect the hypervisor flow of control with full...

SOL90542710 - OpenSSL vulnerabilities CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, and CVE-2015-1794

Note: This is a temporary index. When an article has been published for all of the CVEs listed in the previous table, this article may no longer be maintained, may be repurposed, or may be archived without advanced notice. Supplemental Information SOL9970: Subscribing to email notifications...

SOL16908 - Apache HTTPD vulnerability CVE-2011-4415

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can...

SOL15282 - Apache Struts vulnerability CVE-2014-0114

F5 Product Development has determined that these specific product versions, while they use a version of Apache Struts that has not been patched specifically for CVE-2014-0114, the Configuration utility inputs are appropriately sanitized to ensure these versions are not vulnerable to the issue...

K000135709: OpenSSH vulnerability CVE-2023-38408

Security Advisory Description The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. Code in /usr/lib is not necessarily safe for loading into ssh-agent. NOT...

K37337112: Apache Tomcat vulnerability CVE-2017-6056

Security Advisory Description It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816...

K23406572: libjpeg vulnerabilities CVE-2016-3616 CVE-2018-11213 CVE-2018-11214 CVE-2018-11813 CVE-2018-14498

Security Advisory Description CVE-2016-3616 The cjpeg utility in libjpeg allows remote attackers to cause a denial of service NULL pointer dereference and application crash or execute arbitrary code via a crafted file. CVE-2018-11213 An issue was discovered in libjpeg 9a. The gettextgrayrow...

K25401610: OpenJDK vulnerability CVE-2021-2161

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition:...

K11225249: Linux kernel vulnerability CVE-2018-20836

Security Advisory Description An issue was discovered in the Linux kernel before 4.20. There is a race condition in smptasktimedout and smptaskdone in drivers/scsi/libsas/sasexpander.c, leading to a use-after-free. CVE-2018-20836 Impact An attacker can exploit this issue to cause denial of servic...

K15889: Apache HTTP server vulnerabilities CVE-2011-3368, CVE-2011-4317, CVE-2012-0021, CVE-2012-0031, and CVE-2012-0053

Security Advisory Description CVE-2011-3368 The modproxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allo...

SOL35520031 - BIG-IP virtual server with HTTP Explicit Proxy and/or SOCKS vulnerability CVE-2016-5700

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

SOL52349521 - OpenSSL vulnerability CVE-2016-2842

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

SOL17199 - Linux kernel vulnerability CVE-2014-3690

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can...

SOL15889 - Apache HTTP server vulnerabilities CVE-2011-3368, CVE-2011-4317, CVE-2012-0021, CVE-2012-0031, and CVE-2012-0053

CVE-2011-3368 The modproxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send...

SOL15685 - Linux kernel vulnerability CVE-2014-3940

Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...

SOL15110 - PHP Vulnerability CVE-2013-6420

Recommended action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy...

SOL14161 - OpenSSH vulnerability CVE-2007-4752

Recommended action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy Note: The following link takes you to a...

K10438187: BIG-IP iControl REST vulnerability CVE-2024-41723

Security Advisory Description Undisclosed requests to BIG-IP iControl REST can lead to an information leak of user account names. CVE-2024-41723 Impact This vulnerability allows for a remote authenticated attacker with network access to the iControl REST interface, through the BIG-IP management...

K95005525: Linux kernel vulnerability CVE-2018-6554

Security Advisory Description Memory leak in the irdabind function in net/irda/afirda.c and later in drivers/staging/irda/net/afirda.c in the Linux kernel before 4.17 allows local users to cause a denial of service memory consumption by repeatedly binding an AFIRDA socket. CVE-2018-6554 Impact...

K16430721: IP forwarding vulnerability CVE-1999-0511

Security Advisory Description IP forwarding is enabled on a machine which is not a router or firewall. CVE-1999-0511 Impact F5 products are not affected by this vulnerability in default configurations. However, Nessus or similar scanning tools may send alerts for BIG-IP systems in the following...

K50974556: Overview of F5 vulnerabilities (August 2021)

Security Advisory Description On August 24, 2021, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associated...

K82131333: Linux kernel vulnerability CVE-2019-19066

Security Advisory Description A memory leak in the bfadimgetstats function in drivers/scsi/bfa/bfadattr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service memory consumption by triggering bfaportgetstats failures, aka CID-0e62395da2bd. CVE-2019-19066 Impact There i...

K41410307: polkit vulnerability CVE-2021-3560

Security Advisory Description It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator...

K68251873: glibc vulnerability CVE-2019-25013

Security Advisory Description The iconv feature in the GNU C Library aka glibc or libc6 through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read. CVE-2019-25013 Impact A buffer over-read may lead to segmentation fault, causing system...

K63443590: Apache Commons FileUpload vulnerability CVE-2013-2186

Security Advisory Description The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized...

SOL35012672 - PHP vulnerability CVE-2014-9705

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

SOL17452 - OpenSSH vulnerabilities CVE-2001-0361, CVE-2001-0572, CVE-2004-2069, CVE-2006-0225, and CVE-2006-0883

Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...

SOL15724 - OpenSSL vulnerability CVE-2014-3568

Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. Supplemental...

SOL6734 - Local OpenSSL vulnerabilities VU#547300 and VU#386964, CAN-2006-3738, CAN-2006-2940, CAN-2006-2937, CAN-2006-4343

This security advisory describes the following local OpenSSL vulnerabilities: Denial of Service Attacks CVE-2006-2937, CVE-2006-2940 SSLgetsharedciphers buffer overflow CVE-2006-3738 SSLv2 Client Crash CVE-2006-4343 Information about this advisory is available at the following location: Note: Thi...

K10558632: Linux privilege-escalation vulnerability CVE-2016-5195

Security Advisory Description Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write COW feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka...

K9761: PHP vulnerability - CVE-2008-5557

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

K14255532: Linux kernel vulnerability CVE-2019-11487

Security Advisory Description The Linux kernel before 5.1-rc5 allows page-refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipefsi.h,...

K04808933: Intel Processors MMIO Stale Data Advisory vulnerabilities CVE-2022-21123, CVE-2022-21125, and CVE-2022-21127

Security Advisory Description CVE-2022-21123 Incomplete cleanup of multi-core shared buffers for some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2022-21125 Incomplete cleanup of microarchitectural fill buffers on some Intel...