6294 matches found
SOL05770600 - Linux libuser vulnerability CVE-2015-3246
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL05200155 - Multiple Java vulnerabilities
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL17528 - NTP vulnerability CVE-2015-7850
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL17381 - OpenJDK vulnerability CVE-2014-0428
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL16343 - OpenLDAP vulnerabilities CVE-2015-1545 and CVE-2015-1546
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL15983 - Linux kernel vulnerability CVE-2013-7263
Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...
SOL15956 - Linux kernel vulnerability CVE-2014-2568
Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...
SOL15920 - Apache vulnerability CVE-2011-0419
Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. BIG-IP and...
SOL15742 - Linux kernel vulnerabilities CVE-2014-6416, CVE-2014-6417, and CVE-2014-6418
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL15635 - PHP 5.x vulnerability - CVE-2012-1171
Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. Supplemental...
SOL15404 - OpenSSL vulnerability CVE-2009-3245
Recommended action You can eliminate this vulnerability by running a version listed in the Versions known to be not vulnerable column in the previous table. If the Versions known to be not vulnerable column does not list a version that is higher than the version you are running, then no upgrade...
SOL15399 - Usermin remote vulnerability CVE-2014-3883
The vulnerability described in this article has been resolved, or does not affect any F5 products. There will be no further updates, unless new information is discovered...
SOL15303 - PHP vulnerability CVE-2013-7345
Recommended action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL14204 - BIND vulnerability CVE-2011-4313
F5 Product Development has determined that these Enterprise Manager versions use a vulnerable version of BIND. However, the vulnerable code is not used by default on these Enterprise Manager systems. These products are only vulnerable if BIND was manually configured and enabled. Recommended actio...
SOL13279 - PHP vulnerability CVE-2009-4017
Recommended Action None Supplemental Information Note: This link will take you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge. SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view n...
SOL8837 - OpenSSL DTLS off-by-one error - CVE-2007-4995
Description CVE-2007-4995 - Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors. Information about this advisory is available at the following location:...
SOL8424 - Java Runtime Environment Vulnerability - CVE-2008-0657
Multiple unspecified vulnerabilities in the Java Runtime Environment in Sun JDK and JRE 6 Update 1 and earlier, and 5.0 Update 13 and earlier, allow context-dependent attackers to gain privileges through an untrusted application or applet, as demonstrated by an application or applet that grants...
SOL2355 - Timing attacks on RSA private keys - CAN-2003-0147
Information about this advisory can be found at the following location: Note: This link takes you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge...
SOL2593 - Buffer overflow in zlib - CAN-2003-0107
Note: Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about F5 Networks' security policy regarding evaluating older and unsupported versions of F5 Networks products, refer to SOL4602: Overview of F5 Networks securi...
SOL4351 - BIND 9.3.0 denial of service vulnerability CAN-2005-0034
BIG-IP versions 9.0 through 9.0.5 contain BIND version 9.3.0 and are vulnerable if BIND is enabled. To enable BIND on the BIG-IP system, you must log in to the command line and configure it manually; you cannot inadvertently enable BIND. Since BIND is disabled by default, most BIG-IP systems are...
K000150538: Kubernetes ingress-nginx vulnerabilities CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, and CVE-2025-24514
Security Advisory Description CVE-2025-1097 (also known as IngressNightmare) A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the auth-tls-match-cn Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary cod...
K000150304: Apache Camel vulnerability CVE-2025-27636
Security Advisory Description Bypass/Injection vulnerability in Apache Camel. This issue affects Apache Camel: from 4.10.0 through <= 4.10.1, from 4.8.0 through <= 4.8.4, from 3.10.0 through <= 3.22.3. Users are recommended to upgrade to version 4.10.2 for 4.10.x LTS, 4.8.5 for 4.8.x LTS and 3.22.4...
K000148467: MySQL vulnerabilities CVE-2024-21262 and CVE-2024-21272
Security Advisory Description CVE-2024-21262 Vulnerability in the MySQL Connectors product of Oracle MySQL component: Connector/ODBC. Supported versions that are affected are 9.0.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protoco...
K000148354: Apache vulnerability CVE-2024-40725
Security Advisory Description A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source...
K000141470: Apache Tomcat vulnerabilities CVE-2024-23672 and CVE-2024-24549
Security Advisory Description CVE-2024-23672 Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption. This issue affects Apache Tomcat: from 11.0.0-M1 through...
K000141062: libcurl vulnerability CVE-2024-7264
Security Advisory Description libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a strlen getting performed on a pointe...
K000140405: Multiple OpenJDK vulnerabilities
Security Advisory Description CVE-2024-21147 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1;...
K000139609: NGINX HTTP/3 QUIC vulnerability CVE-2024-32760
Security Advisory Description When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause other potential impact. CVE-2024-32760 Note: This issue affects NGINX systems compiled with the...
K000139810: Oracle Java vulnerability CVE-2024-20919
Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK:...
K000139590: MySQL Server vulnerabilities CVE-2024-20994, CVE-2024-21015, CVE-2024-21050, and CVE-2024-21057
Security Advisory Description CVE-2024-20994 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Information Schema. Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with netwo...
K000138520: BIG-IP Configuration utility vulnerability CVE-2024-27202
Security Advisory Description A DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. CVE-2024-27202 Impact An attacker may exploit this...
K000138733: BIG-IP Next Central Manager SQL Injection vulnerability CVE-2024-26026
Security Advisory Description An SQL injection vulnerability exists in the BIG-IP Next Central Manager API URI. CVE-2024-26026 Impact An unauthenticated attacker can exploit this vulnerability to execute malicious SQL statements through the BIG-IP Next Central Manager API URI. This vulnerability...
K000139446: Oracle Java vulnerability CVE-2024-21005
Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JavaFX. Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerabili...
K000138866: Python Pillow vulnerability CVE-2023-50447
Security Advisory Description Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 which was about the expression parameter. CVE-2023-50447 Impact There is no impact; F5 products are not affected by...
K000138511: Linux kernel vulnerability CVE-2023-38427
Security Advisory Description An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/smb2pdu.c in ksmbd has an integer underflow and out-of-bounds read in deassemble_neg_contexts. CVE-2023-38427 Impact There is no impact; F5 products are not affected by this vulnerability. Security...
K000138462: Oracle Java vulnerabilities CVE-2024-20922, CVE-2024-20923
Security Advisory Description CVE-2024-20922 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JavaFX. Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to...
K000138255: Go OpenTelemetry Contrib vulnerability CVE-2023-47108
Security Advisory Description OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the...
K000137969: OpenSSL vulnerability CVE-2023-3817
Security Advisory Description Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check, DH_check_ex or EVP_PKEY_param_check to check a DH key or DH parameters may experience long delays. Where the key or parameters tha...
K000136109: PHP SQLite vulnerability CVE-2022-31631
Security Advisory Description In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injectio...
K000135997: Multiple Node.js vulnerabilities
Security Advisory Description CVE-2023-32002 The use of Module.load can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x an...
K000133699: Oracle WebLogic Server vulnerabilities CVE-2023-21964, CVE-2023-21979, and CVE-2023-21996
Security Advisory Description CVE-2023-21964 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with netwo...
K2319: Insufficient MAC computation in OpenSSH - CAN-2003-0078
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K92807525: TMUI XSS vulnerability CVE-2022-27878
Security Advisory Description A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. CVE-2022-27878 Impact An authenticated attacker may exploit...
K40427215: BIND vulnerability CVE-2022-2881
Security Advisory Description The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process. CVE-2022-2881 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development ha...
K16729408: D-Bus vulnerability CVE-2020-12049
Security Advisory Description An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system...
K43239141: 9p filesystem vulnerability CVE-2019-16413
Security Advisory Description The 9p filesystem did not protect i_size_write properly, which causes an i_size_read infinite loop and denial of service on SMP systems. CVE-2019-16413 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product...
K75540265: BIG-IP APM ACL bypass vulnerability CVE-2021-23016
Security Advisory Description An attacker may be able to bypass APM's internal restrictions and retrieve static content that is hosted within APM by sending specifically crafted requests to an APM Virtual Server. CVE-2021-23016 Impact This vulnerability may allow an attacker to retrieve static...
K70569537: BIG-IP DNS Express vulnerability CVE-2022-41787
Security Advisory Description When the DNS profile is configured on a virtual server with DNS Express enabled, undisclosed DNS queries with Domain Name System Security Extensions (DNSSEC) can cause the Traffic Management Microkernel (TMM) to terminate. CVE-2022-41787 Impact Traffic is disrupted while...
K21336065: GD Graphics Library vulnerability CVE-2016-8670
Security Advisory Description Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly hav...
K74605824: MySQL Server UDF vulnerability CVE-2017-3529
Security Advisory Description Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: UDF. Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to...