K15635: PHP 5.x vulnerability - CVE-2012-1171
Security Advisory Description The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper. CVE-2012-1171 Impact None. No F5 products a...
K16915: OpenSSL vulnerability CVE-2015-1792
Security Advisory Description The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data...
K93122894: OpenSSL vulnerability CVE-2016-0705
Security Advisory Description Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DS...
K8178: MySQL vulnerabilities CVE-2007-5925, CVE-2007-5969, and CVE-2007-6303
Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K52883417: BIND vulnerability CVE-2020-8620
Security Advisory Description In versions of BIND that use the libuv network manager (9.16.x is the only stable branch affected) an incorrectly specified maximum buffer size allows a specially crafted large TCP payload to trigger an assertion failure when it is received. CVE-2020-8620 Impact There ...
K81557381: BIG-IP HTTP/2 vulnerability CVE-2019-6673
Security Advisory Description When the BIG-IP system is configured in HTTP/2 full proxy mode, specifically crafted requests may cause a disruption of service provided by the Traffic Management Microkernel (TMM). CVE-2019-6673 Impact An attacker may be able to use a specifically crafted request to...
K19380843: Node.js vulnerability CVE-2020-8174
Security Advisory Description napi_get_value_string_*() allows various kinds of memory corruption in node 10.21.0, 12.18.0, and 14.4.0. CVE-2020-8174 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently...
K20022580: Linux kernel vulnerability CVE-2013-7446
Security Advisory Description Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls. CVE-2013-7446 Impact The local user may be able to bypass...
K64009378: OpenSSL vulnerability CVE-2016-0701
Security Advisory Description The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple...
K13325942: Appliance mode iControl REST vulnerability CVE-2022-41800
Security Advisory Description When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary...
K61214359: Linux kernel vulnerability CVE-2019-15098
Security Advisory Description drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. CVE-2019-15098 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory...
K87669052: Multiple Wireshark (tshark) vulnerabilities
Security Advisory Description CVE-2015-8734 The dissect_nwp function in epan/dissectors/packet-nwp.c in the NWP dissector in Wireshark 2.0.x before 2.0.1 mishandles the packet type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2015-8735 The...
SOL40521234 - Multiple Oracle Java SE vulnerabilities
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL24642829 - Linux kernel vulnerability CVE-2015-7515
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL65271605 - NTP vulnerability CVE-2016-1549
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL42065024 - PHP vulnerability CVE-2016-4070
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL81081046 - PHP vulnerabilities CVE-2016-4537 and CVE-2016-4538
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL36488941 - OpenSSL vulnerability CVE-2016-2106
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL06288381 - NTP vulnerabilities CVE-2015-7977 and CVE-2015-7978
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL15364328 - Apache vulnerabilities CVE-2012-5783, CVE-2012-6153, and CVE-2014-3577
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL48042976 - BIG-IP SSL vulnerability CVE-2016-4545
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL15784 - Kerberos vulnerability CVE-2013-1418
Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists...
SOL15785 - Kerberos vulnerability CVE-2013-6800
Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists...
SOL15641 - Outdated or incorrect version vulnerability CVE-1999-0662
Recommended action To mitigate this vulnerability, you can subscribe to email notifications to keep up with the latest hotfixes and updates for your product. Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new...
SOL15648 - PHP vulnerability CVE-2014-2020
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL15388 - OpenSSL vulnerability CVE-2011-4108
Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. BIG-IP 11.x To...
SOL15319 - Linux kernel TTY vulnerability CVE-2014-0196
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition...
SOL12793 - GNU C Library vulnerability CVE-2010-4051
The regcomp implementation in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial-of-service (DoS) attack. This applies to GNU C Library versions through 2.11.3, and also versions 2.12.x through 2.12.2. Information about this advisory is available at the...
SOL9762 - OpenSSL vulnerability - CVE-2008-5077
OpenSSL 0.9.8i and earlier versions do not properly check the return value from the EVP_VerifyFinal function. Information about this advisory is available at the following locations: Note: These links take you to a resource outside of AskF5, and it is possible that the information may be removed...
SOL9107 - OpenSSH vulnerability CVE-2008-1483
Information about this advisory is available at the following locations: Note: The following links take you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge...
SOL9108 - Apache Tomcat Cross-site scripting (XSS) vulnerability - CVE-2008-1232
A cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML through a crafted string that is used in the message argument to the HttpServletResponse.sendError method...
SOL8186 - Cross-site scripting vulnerability in Apache mod_imap CVE-2007-5000
F5 Product Development has determined the likelihood of exploitation is low for the cross-site scripting (XSS) vulnerability disclosed in CVE-2007-5000. Exploiting this vulnerability would require an administrator of an F5 device to interact with a web page crafted by an attacker. Possible attacks...
SOL7985 - ClamAV clamav-milter vulnerability - CVE-2007-4560
The FirePass controller can be configured to provide anti-virus scanning of files uploaded through Portal Access through the ClamAV open source software. Scanning is configured on the Antivirus tab of the Portal Access: Content Inspection page, through the Enable Standalone virus Scanner option...
SOL4009 - Vulnerabilities in libpng - CAN-2004-0597, CAN-2004-0598, CAN-2004-0599
These vulnerabilities are described as methods under which an attacker could generate a PNG file that would cause applications that use libpng to execute arbitrary code. Since an attacker would require root access to the BIG-IP or 3-DNS in order to exploit this vulnerability, it is considered to ...
SOL6634 - pam_ldap vulnerability - CVE-2005-2641
This security advisory describes a pam_ldap vulnerability. Clients who are referred to a different server than the server on which they were originally authenticated, with a different TLS encryption requirement, could possibly bypass the new server's TLS requirements. Information about this adviso...
K000139618: MySQL vulnerabilities CVE-2024-21054, CVE-2024-21009, CVE-2024-20993, and CVE-2024-21102
Security Advisory Description CVE-2024-21054 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access...
K96300145: C Library (SQLite & libxslt) vulnerabilities CVE-2019-16168 CVE-2019-13117 CVE-2019-13118
Security Advisory Description CVE-2019-16168 In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner." CVE-2019-13117 In numbers.c in libxslt...
K31113511: Apache APISIX Dashboard vulnerability CVE-2021-45232
Security Advisory Description In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework droplet on the basis of framework gin, all APIs and authentication middleware are developed based on framework droplet, but some API directly use the interface of...
K01837042: Multiple Wireshark (tshark) vulnerabilities
Security Advisory Description CVE-2015-8711 epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) v...
K15883: Net-SNMP vulnerability CVE-2012-2141
Security Advisory Description Array index error in the handle_nsExtendOutput2Table function in agent/mibgroup/agent/extend.c in Net-SNMP 5.7.1 allows remote authenticated users to cause a denial of service (out-of-bounds read and snmpd crash) via an SNMP GET request for an entry not in the extension...
K42842401: MySQL vulnerabilities CVE-2018-3145, CVE-2018-3155, CVE-2018-3156, CVE-2018-3161, and CVE-2018-3162
Security Advisory Description CVE-2018-3145 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protoco...
K15725: Multiple 5.5.x and 5.6.x MySQL vulnerabilities
Security Advisory Description CVE-2014-6507 Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML. CVE-2014-6491 Unspecified...
K23630542: MySQL vulnerabilities CVE-2017-3636, CVE-2018-3081, CVE-2018-3174, CVE-2021-2144, and CVE-2020-2812
Security Advisory Description CVE-2017-3636 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to...
K55237223: BIG-IP Advanced WAF and ASM XSS vulnerability CVE-2021-22993
Security Advisory Description DOM-based XSS on DoS Profile properties page. CVE-2021-22993 Impact An attacker can inject a malicious script into the BIG-IP Advanced WAF and ASM Configuration utility and trick users into executing malicious code. Security Advisory Status F5 Product Development has...
K00947806: Linux kernel vulnerability CVE-2019-3846
Security Advisory Description A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. CVE-2019-3846 Impact There is no impact; F5 products are not affected by this vulnerability...
K64721111: vCMP vulnerability CVE-2018-5531
Security Advisory Description Through undisclosed methods, adjacent network attackers can cause a denial of service for vCMP guest and host systems. Attacks must be sourced from an adjacent network (Layer 2). CVE-2018-5531 Impact BIG-IP An attacker from an adjacent network may be able to cause a...
K96639388: Overview of F5 vulnerabilities (April 2021)
Security Advisory Description On April 28th, 2021, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. The details of each issue can be found in the associate...
K15432: Apache Tomcat vulnerability CVE-2014-0099
Security Advisory Description Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Lengt...
K15905: Expat vulnerabilities CVE-2009-3560 and CVE-2009-3720
Security Advisory Description CVE-2009-3560 The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigge...
K6919: Cross-site scripting vulnerability in my.activation.php3 CVE-2007-3097
Security Advisory Description Note: Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the ...