6294 matches found
K23946311: glibc vulnerability CVE-2015-8776
Security Advisory Description The strftime function in the GNU C Library aka glibc or libc6 before 2.23 allows context-dependent attackers to cause a denial of service application crash or possibly obtain sensitive information via an out-of-range time value. CVE-2015-8776 Impact An application or...
K10164113: Linux kernel vulnerability CVE-2015-8787
Security Advisory Description The nfnatredirectipv4 function in net/netfilter/nfnatredirect.c in the Linux kernel before 4.4 allows remote attackers to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact by sending certain IPv4 packets to ...
K30971148: Apache Tomcat 6.x vulnerability CVE-2015-5174
Security Advisory Description Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. slash dot dot in...
K000132638: SnakeYAML vulnerability CVE-2022-1471
Security Advisory Description SnakeYaml's Constructor class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content...
K000132525: Apache vulnerability CVE-2006-20001
Security Advisory Description A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. CVE-2006-2000...
K000132404: OpenJDK vulnerability CVE-2023-21830
Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8 and 21.3.4. Easily...
K000132268: BIND vulnerability CVE-2022-3924
Security Advisory Description This issue can affect BIND 9 resolvers with stale-answer-enable yes; that also make use of the option stale-answer-client-timeout, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will be a corresponding...
K85054496: BIG-IP DNS resolver vulnerability CVE-2022-28708
Security Advisory Description When a BIG-IP DNS resolver-enabled, HTTP-Explicit or SOCKS profile is configured on a virtual server, an undisclosed DNS response can cause the Traffic Management Microkernel TMM process to terminate. CVE-2022-28708 Impact Traffic is disrupted while the TMM process...
K76052144: BIG-IP, BIG-IQ, Enterprise Manager, and F5 iWorkflow Configuration utility vulnerability CVE-2019-6663
Security Advisory Description The BIG-IP / BIG-IQ / Enterprise Manager / F5 iWorkflow Configuration utility is vulnerable to Anti DNS Pinning DNS Rebinding attack. CVE-2019-6663 Impact BIG-IP / BIG-IQ / Enterprise Manager / F5 iWorkflow An Anti DNS Pinning DNS Rebinding attack allows an attacker ...
K12201527: Overview of Quarterly Security Notifications
Security Advisory Description F5 discloses security vulnerabilities and security exposures for F5 products in Quarterly Security Notifications QSNs. Note : To be notified about F5 security advisories published during a QSN and those published when it is necessary to disclose vulnerabilities at...
SOL76314525 - Samba vulnerabilities CVE-2015-5252 and CVE-2015-5299
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL25499204 - Samba vulnerability CVE-2015-8467
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL64743453 - NAT64 vulnerability CVE-2016-5745
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL39508724 - TMM SSL/TLS virtual server vulnerability CVE-2016-6907
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL55248799 - phpLDAPAdmin vulnerabilities CVE-2005-2654, CVE-2005-2792, CVE-2005-2793, CVE-2006-2016, and CVE-2009-4427
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL91084571 - PHP vulnerability CVE-2015-8873
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL37236006 - SQLite vulnerabilities CVE-2015-3414 and CVE-2015-3415
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL34146339 - OpenSSL vulnerability CVE-2000-1254
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL23946311 - glibc vulnerability CVE-2015-8776
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL50413110 - GnuPG vulnerability CVE-2013-4351
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL12903841 - Linux kernel vulnerabilities CVE-2015-4170, CVE-2015-6526, and CVE-2015-7837
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL22843911 - F5 Path MTU Discovery vulnerability CVE-2015-7759
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL31372672 - Mozilla NSS vulnerabilities CVE-2015-7181, CVE-2015-7182, and CVE-2015-7183
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL17521 - NTP vulnerability CVE-2015-7849
If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are currently running, or does not lis...
SOL17335 - GnuTLS vulnerability CVE-2015-6251
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL17239 - Linux kernel vulnerability CVE-2014-9529
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can...
SOL17118 - Linux kernel vulnerability CVE-2015-2042
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can...
SOL16841 - GNU C Library (glibc) vulnerability CVE-2013-7423
Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...
SOL16476 - NET-SNMP vulnerability CVE-2012-6151
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL16355 - Multiple MySQL vulnerabilities
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL16117 - Multiple libvirt vulnerabilities
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL4602: Overview of the F5 security vulnerability response policy SOL9957: Creating a custom RSS feed to view new and updated documents SOL4918: Overview of the F5 critical issue...
SOL15967 - glibc and eglibc vulnerability CVE-2011-2702
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL15879 - SOAP parser vulnerability CVE-2013-1824
Certain product versions contain the affected code; however, those product versions do not parse untrusted XML input, and are therefore not exploitable. Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate thi...
SOL15875 - cURL vulnerability CVE-2013-1944
Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. To mitigate this...
SOL15862 - Multiple cURL and libcurl vulnerabilities CVE-2014-0015, CVE-2014-0138, and CVE-2014-0139
Recommended Action BIG-IP, BIG-IQ, and Enterprise Manager If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candida...
SOL15746 - Linux kernel vulnerability CVE-2012-4542
Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. Supplemental...
SOL15566 - Kerberos vulnerability CVE-2014-4345
Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists...
SOL15532 - XSS vulnerability in echo.jsp CVE-2014-4023
Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...
SOL15423 - GNU Libtasn1 vulnerabilities CVE-2014-3467 and CVE-2014-3468
Vulnerability Recommended Actions ARX If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exist...
SOL15366 - OpenSSL DTLS vulnerability CVE-2009-1377
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL15322 - PHP vulnerability CVE-2014-0185
Recommended action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL15169 - PHP vulnerability CVE-2013-4113
Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. To mitigate this...
SOL12851 - BIND vulnerability CVE-2010-3613
This security advisory describes a BIND vulnerability. For information about this advisory, refer to the Common Vulnerabilities and Exposures website at the following location: Note: The following link will take you to a resource outside of AskF5, and it is possible that the document may be remov...
SOL12650 - PHP vulnerability CVE-2010-4645
The strtod.c function may allow context-dependent attackers to cause a denial-of-service via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU registers. Information about this advisory is available at the following location: Note: The previous link...
SOL10674 - Netscape reuse cipher change bug - Qualsys QID 38284
A Qualsys security audit may report that the BIG-IP management IP address is vulnerable to a NETSCAPE REUSE CIPHER CHANGE BUG. The security audit may produce a report that appears similar to the following example: QID: 38284 CVSS Base: 5 1 Category: General remote services CVSS Temporal: 4.7 CVE...
SOL9110 - Apache Tomcat information disclosure vulnerability - CVE-2008-2370
Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files through a...
SOL5278 - Apache mod_ssl SSLVerifyClient bypass - CAN-2005-2700
Apache modssl SSLVerifyClient bypass vulnerability CAN-2005-2700. Information about this advisory is available at the following location:...
SOL2591 - Linux kernel vulnerabilities - CAN-2003-0244, CAN-2003-0246
Note: Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about F5 Networks' security policy regarding evaluating older and unsupported versions of F5 Networks products, refer to SOL4602: Overview of F5 Networks securi...
K000151008: Quarterly Security Notification (May 2025)
Security Advisory Description On May 7, 2025, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine the impact to your F5 devices. You can find the details of each issue in the associated articles. You can watch th...
K000148278: Spring framework CVE-2024-38820 vulnerability
Security Advisory Description The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could potentially result in fields not protected as expected. CVE-2024-38820 Impact There is no impact; F5...