6392 matches found
K01869532: Eclipse Jetty vulnerability CVE-2019-10241
Security Advisory Description In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of...
K34162192: Apache log4j2 denial-of-service vulnerability CVE-2021-45105
Security Advisory Description Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string...
K68251873: glibc vulnerability CVE-2019-25013
Security Advisory Description The iconv feature in the GNU C Library aka glibc or libc6 through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read. CVE-2019-25013 Impact A buffer over-read may lead to segmentation fault, causing system...
SOL15900 - Apache HTTP server vulnerability CVE-2012-3499
Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. To mitigate this...
SOL12636 - Slowloris denial-of-service attack vulnerability CVE-2007-6750
Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...
K80440915: Linux kernel vulnerability CVE-2017-7889
Security Advisory Description The mm subsystem in the Linux kernel through 4.10.10 does not properly enforce the CONFIGSTRICTDEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte and bypass slab-allocation access restrictions via a...
K8072: Obtaining uptime information from TCP timestamps
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K58304450: Multiple Intel Processor vulnerabilities: Spectre-NG
Security Advisory Description Eight new vulnerabilities in Intel processors have been mentioned in several sources and are referred to collectively as Spectre-NG. F5 is aware of these vulnerabilities and is investigating as information becomes available. As Intel officially recognizes and announc...
K32034450: Linux kernel vulnerability CVE-2019-15926
Security Advisory Description An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6klwmipstreamtimeouteventrx and ath6klwmicaceventrx in the file drivers/net/wireless/ath/ath6kl/wmi.c. CVE-2019-15926 Impact There is no impact; F5 products are...
K45625134: Apache Subversion vulnerability CVE-2017-9800
Security Advisory Description A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a...
K54624443: Apache HTTPD vulnerability CVE-2017-7668
Security Advisory Description The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows apfindtoken to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to caus...
K82455382: Apache Tomcat vulnerability CVE-2016-8745
Security Advisory Description A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache...
SOL77535578 - Multiple Java SE client-side vulnerabilities
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL15282 - Apache Struts vulnerability CVE-2014-0114
F5 Product Development has determined that these specific product versions, while they use a version of Apache Struts that has not been patched specifically for CVE-2014-0114, the Configuration utility inputs are appropriately sanitized to ensure these versions are not vulnerable to the issue...
K000139214: Apache httpd vulnerability CVE-2024-27316
Security Advisory Description HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion. CVE-2024-27316 Impact There is no impact; F5 products ar...
K16430721: IP forwarding vulnerability CVE-1999-0511
Security Advisory Description IP forwarding is enabled on a machine which is not a router or firewall. CVE-1999-0511 Impact F5 products are not affected by this vulnerability in default configurations. However, Nessus or similar scanning tools may send alerts for BIG-IP systems in the following...
K21914362: Linux kernel vulnerability CVE-2013-7470
Security Advisory Description cipsov4validate in include/net/cipsoipv4.h in the Linux kernel before 3.11.7, when CONFIGNETLABEL is disabled, allows attackers to cause a denial of service infinite loop and crash, as demonstrated by icmpsic, a different vulnerability than CVE-2013-0310. CVE-2013-74...
K13237658: tcpdump vulnerability CVE-2017-11541
Security Advisory Description tcpdump 4.9.0 has a heap-based buffer over-read in the lldpprint function in print-lldp.c, related to util-print.c.CVE-2017-11541 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has...
K25423771: Linux kernel vulnerability CVE-2018-18021
Security Advisory Description arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVMSETONREG ioctl. This is exploitable by attackers who can create virtual machines. An attacker can arbitrarily redirect the hypervisor flow of control with full...
SOL35012672 - PHP vulnerability CVE-2014-9705
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL31026324 - Linux kernel vulnerabilities CVE-2015-2925, CVE-2015-5307, and CVE-2015-8104
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL16908 - Apache HTTPD vulnerability CVE-2011-4415
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can...
K37337112: Apache Tomcat vulnerability CVE-2017-6056
Security Advisory Description It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816...
K15338344: Eclipse Jetty vulnerability CVE-2021-28165
Security Advisory Description In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. CVE-2021-28165 Impact Affected systems may experience resource exhaustion when receiving an invalid large TLS...
K16954: Multiple PHP CDF vulnerabilities CVE-2014-0237 and CVE-2014-0238
Security Advisory Description CVE-2014-0237 The cdfunpacksummaryinfo function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service performance degradation by triggering many fileprintf calls. CVE-2014-0238 The...
K50974556: Overview of F5 vulnerabilities (August 2021)
Security Advisory Description On August 24, 2021, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associated...
K25401610: OpenJDK vulnerability CVE-2021-2161
Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition:...
K42323475: Linux kernel vulnerability CVE-2021-3444
Security Advisory Description The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to...
K15889: Apache HTTP server vulnerabilities CVE-2011-3368, CVE-2011-4317, CVE-2012-0021, CVE-2012-0031, and CVE-2012-0053
Security Advisory Description CVE-2011-3368 The modproxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allo...
SOL90542710 - OpenSSL vulnerabilities CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, and CVE-2015-1794
Note: This is a temporary index. When an article has been published for all of the CVEs listed in the previous table, this article may no longer be maintained, may be repurposed, or may be archived without advanced notice. Supplemental Information SOL9970: Subscribing to email notifications...
SOL17199 - Linux kernel vulnerability CVE-2014-3690
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can...
SOL15865 - Apache HTTP server vulnerability CVE-2012-4558
Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. To mitigate this...
SOL15724 - OpenSSL vulnerability CVE-2014-3568
Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. Supplemental...
SOL15110 - PHP Vulnerability CVE-2013-6420
Recommended action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy...
SOL6734 - Local OpenSSL vulnerabilities VU#547300 and VU#386964, CAN-2006-3738, CAN-2006-2940, CAN-2006-2937, CAN-2006-4343
This security advisory describes the following local OpenSSL vulnerabilities: Denial of Service Attacks CVE-2006-2937, CVE-2006-2940 SSLgetsharedciphers buffer overflow CVE-2006-3738 SSLv2 Client Crash CVE-2006-4343 Information about this advisory is available at the following location: Note: Thi...
K000135709: OpenSSH vulnerability CVE-2023-38408
Security Advisory Description The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. Code in /usr/lib is not necessarily safe for loading into ssh-agent. NOT...
K14255532: Linux kernel vulnerability CVE-2019-11487
Security Advisory Description The Linux kernel before 5.1-rc5 allows page-refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipefsi.h,...
K23406572: libjpeg vulnerabilities CVE-2016-3616 CVE-2018-11213 CVE-2018-11214 CVE-2018-11813 CVE-2018-14498
Security Advisory Description CVE-2016-3616 The cjpeg utility in libjpeg allows remote attackers to cause a denial of service NULL pointer dereference and application crash or execute arbitrary code via a crafted file. CVE-2018-11213 An issue was discovered in libjpeg 9a. The gettextgrayrow...
K11225249: Linux kernel vulnerability CVE-2018-20836
Security Advisory Description An issue was discovered in the Linux kernel before 4.20. There is a race condition in smptasktimedout and smptaskdone in drivers/scsi/libsas/sasexpander.c, leading to a use-after-free. CVE-2018-20836 Impact An attacker can exploit this issue to cause denial of servic...
K33209124: OpenSSL vulnerability CVE-2015-3197
Security Advisory Description ssl/s2srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to t...
SOL35520031 - BIG-IP virtual server with HTTP Explicit Proxy and/or SOCKS vulnerability CVE-2016-5700
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL52349521 - OpenSSL vulnerability CVE-2016-2842
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL17452 - OpenSSH vulnerabilities CVE-2001-0361, CVE-2001-0572, CVE-2004-2069, CVE-2006-0225, and CVE-2006-0883
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL15889 - Apache HTTP server vulnerabilities CVE-2011-3368, CVE-2011-4317, CVE-2012-0021, CVE-2012-0031, and CVE-2012-0053
CVE-2011-3368 The modproxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send...
SOL14161 - OpenSSH vulnerability CVE-2007-4752
Recommended action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy Note: The following link takes you to a...
K10438187: BIG-IP iControl REST vulnerability CVE-2024-41723
Security Advisory Description Undisclosed requests to BIG-IP iControl REST can lead to an information leak of user account names. CVE-2024-41723 Impact This vulnerability allows for a remote authenticated attacker with network access to the iControl REST interface, through the BIG-IP management...
K10558632: Linux privilege-escalation vulnerability CVE-2016-5195
Security Advisory Description Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write COW feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka...
K04808933: Intel Processors MMIO Stale Data Advisory vulnerabilities CVE-2022-21123, CVE-2022-21125, and CVE-2022-21127
Security Advisory Description CVE-2022-21123 Incomplete cleanup of multi-core shared buffers for some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2022-21125 Incomplete cleanup of microarchitectural fill buffers on some Intel...
K73008537: Apache Tomcat vulnerability CVE-2018-1336
Security Advisory Description An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86...
K82131333: Linux kernel vulnerability CVE-2019-19066
Security Advisory Description A memory leak in the bfadimgetstats function in drivers/scsi/bfa/bfadattr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service memory consumption by triggering bfaportgetstats failures, aka CID-0e62395da2bd. CVE-2019-19066 Impact There i...