6390 matches found
K22025917: Apache CXF vulnerability CVE-2018-8038
Security Advisory Description Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations DTDs when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters. CVE-2018-8038...
K43523962: BIG-IP APM XSS vulnerability CVE-2016-9257
Security Advisory Description BIG-IP APM 12.0.0 through 12.1.2 is vulnerable to Cross Site Scripting XSS injection due to rendering of not escaped/not encoded content of session variables in Access Reports. CVE-2016-9257 Impact A malicious non-authenticated user may be able to inject JavaScript...
K30215839: F5 iRules vulnerability CVE-2019-6685
Security Advisory Description Users with access to edit iRules are able to create iRules which can lead to an elevation of privilege, configuration modification, and arbitrary system command execution. CVE-2019-6685 Impact BIG-IP iRules manager roles are able to access data stored on other...
K39751401: BIND vulnerability CVE-2019-6469
Security Advisory Description An error in the EDNS Client Subnet ECS feature for recursive resolvers can cause BIND to exit with an assertion failure when processing a response that has malformed RRSIGs. Versions affected: BIND 9.10.5-S1 - 9.11.6-S1 of BIND 9 Supported Preview Edition...
K16248201: TMM vulnerability CVE-2018-15318
Security Advisory Description If an MPTCP connection receives an abort signal while the initial flow is not the primary flow, the initial flow will remain after the closing procedure is complete. TMM may restart and produce a core file as a result of this condition. CVE-2018-15318 Impact The BIG-...
K91026261: BIG-IP TMM vulnerability CVE-2019-6594
Security Advisory Description Multipath TCP MPTCP does not protect against multiple zero length DATAFINs in the reassembly queue, which can lead to an infinite loop in some circumstances. CVE-2019-6594 Impact The BIG-IP system temporarily fails to process traffic as it recovers from a Traffic...
K92411323: BIG-IP TMM vulnerability CVE-2019-6666
Security Advisory Description The TMM process may produce a core file when an upstream server or cache sends an HTTP response with an invalid age header value to a BIG-IP virtual server with Ram Cache enabled on its associated Web Acceleration profile. CVE-2019-6666 Impact The BIG-IP system...
K43520321: NGINX Controller API Vulnerability CVE-2020-5901
Security Advisory Description Undisclosed API endpoints may allow for a reflected Cross Site Scripting XSS attack. If the victim user is logged in as admin this could result in a complete compromise of the system. CVE-2020-5901 Impact For the attack to occur, a user must visit a specially crafted...
K17516: NTP vulnerability CVE-2015-7852
Security Advisory Description ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service crash via crafted mode 6 response packets. CVE-2015-7852 Impact While the scope of the impact is limited, an attacker may be able to craft response packets...
K15604: Multiple rsync vulnerabilities
Security Advisory Description Following are descriptions of various rsync vulnerabilities: CVE-2006-2083 Integer overflow in the receivexattr function in the extended attributes patch xattr.c for rsync before 2.6.8 might allow attackers to execute arbitrary code via crafted extended attributes th...
K44650639: Binutils vulnerability CVE-2019-9076
Security Advisory Description An issue was discovered in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in elfreadnotes in elf.c. CVE-2019-9076 Impact There is no impact; F5 products are not affected by this...
K55102452: TMM vulnerability CVE-2017-6140
Security Advisory Description Undisclosed sequence of packets sent to Virtual Servers with client or server SSL profiles using AES-GCM cipher suites may cause disruption of data plane services. CVE-2017-6140 This vulnerability affects the following BIG-IP platforms: 2000s, 2200s, 4000s, 4200v,...
K72122162: Binutils vulnerabilities CVE-2018-7569 and CVE-2018-10373
Security Advisory Description CVE-2018-7569 dwarf2.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service integer underflow or overflow, and application crash via an ELF file with a corrupt DWARF FORM block...
K94110161: Red Hat shell command injection flaw vulnerabilities CVE-2016-4444, CVE-2016-4445, CVE-2016-4446, and CVE-2016-4989
Security Advisory Description CVE-2016-4444 The allowexecmod plugin for setroubleshoot before 3.2.23 allows local users to execute arbitrary commands by triggering an execmod SELinux denial with a crafted binary filename, related to the commands.getstatusoutput function. CVE-2016-4445 The...
K05765031: vCMP vulnerability CVE-2019-6670
Security Advisory Description vCMP hypervisors incorrectly expose the plaintext unit key for their vCMP guests on the file system. CVE-2019-6670 Impact An attacker may use this vulnerability to extract the master key of vCMP guests. Security Advisory Status F5 Product Development has assigned ID...
K35600134: Net-SNMP vulnerability CVE-2018-18066
Security Advisory Description snmpoidcompare in snmplib/snmpapi.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. CVE-2018-18066 Impact There i...
K95010813: The BIG-IP AFM policy does not classify a DNS query name with a label length greater than 23 bytes
Security Advisory Description The BIG-IP AFM policy does not classify a DNS query name with a label length greater than 23 bytes. This issue occurs when all of the following conditions are met: You configure a port misuse policy for DNS and a service policy on the BIG-IP AFM system. The...
K62830532: BIG-IP MQTT iRule vulnerability CVE-2020-5935
Security Advisory Description When your system handles MQTT traffic through a BIG-IP virtual server associated with an MQTT profile, and an iRule performs manipulations on that traffic, TMM may produce a core file. CVE-2020-5935 Impact The Traffic Management Microkernel TMM may generate a core fi...
K38871451: LibTIFF vulnerability CVE-2015-7554
Security Advisory Description The TIFFVGetField function in tifdir.c in libtiff 4.0.6 allows attackers to cause a denial of service invalid memory write and crash or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF. CVE-2015-7554 Impact This vulnerabilit...
K48224824: BIG-IP DNS Cache vulnerability CVE-2018-5532
Security Advisory Description On F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 a domain name cached within the DNS Cache of TMM may continue to be resolved by the cache even after the parent server revokes the record, if the DNS Cache is receiving a stream of requests for the...
K64743453: NAT64 vulnerability CVE-2016-5745
Security Advisory Description BIG-IP devices using NAT64 are vulnerable to an unauthenticated remote attack that may allow modification of the BIG-IP system configuration. CVE-2016-5745 F5 Technical Support has no additional information about this issue. Impact An unauthorized remote attack may...
K86272821: BIND vulnerability CVE-2016-9131
Security Advisory Description named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service assertion failure and daemon exit via a malformed response to an RTYPE ANY query. CVE-2016-9131 Impact When the BIND...
K03863974: Apache LDAP vulnerability CVE-2018-1337
Security Advisory Description In Apache LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the connection has already been used and put back in a pool of connections, leading to...
K74302282: BIG-IP APM RDP resource security exposure
Security Advisory Description When BIG-IP APM Remote Desktop Protocol RDP is configured, users can bypass RDP resource redirection restrictions between the RDP remote machine and the local machine. This issue occurs when the following condition is met: A BIG-IP APM policy configured with an RDP...
K41503304: Advanced WAF, BIG-IP ASM, and NGINX App Protect attack signature bypass security exposure
Security Advisory Description The F5 Advanced Web Application Firewall Advanced WAF, BIG-IP ASM, and NGINX App Protect systems attack signature check may fail to match attack signature 200000128, as expected, for certain undisclosed requests. This issue occurs when all of the following conditions...
K8919: Linux kernel vulnerability CVE-2007-2878
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K15877: Apache vulnerability CVE-2013-1862
Security Advisory Description modrewrite.c in the modrewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequen...
K15304: Linux kernel tcp_rcv_state_process vulnerability CVE-2012-6638
Security Advisory Description The tcprcvstateprocess function in net/ipv4/tcpinput.c in the Linux kernel before 3.2.24 allows remote attackers to cause a denial of service kernel resource consumption via a flood of SYN+FIN TCP packets. CVE-2012-6638 Impact Remote attackers may be able to cause a...
K02460950: Linux kernel vulnerability CVE-2017-18552
Security Advisory Description An issue was discovered in net/rds/afrds.c in the Linux kernel before 4.11. There is an out of bounds write and read in the function rdsrecvtracklatency. CVE-2017-18552 Impact An attacker may potentially be able to cause modification or disclosure of information...
K7985: ClamAV clamav-milter vulnerability - CVE-2007-4560
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K50413110: GnuPG vulnerability CVE-2013-4351
Security Advisory Description GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared no usage permitted as if it has all bits set all usage permitted, which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey...
K38243073: BIG-IP ASM data processing vulnerability CVE-2017-6154
Security Advisory Description The BIG-IP ASM bd process may produce a core file under some circumstances when processing undisclosed types of data on systems with 48 or more CPU cores. CVE-2017-6154 Impact The BIG-IP ASMbd process produces a core file, interrupting traffic processing and causing ...
K10898: DNSSEC BIND vulnerability - CVE-2009-4022
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of F5...
K28538929: MySQL vulnerability CVE-2016-5634
Security Advisory Description Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to RBR. CVE-2016-5634 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Produ...
K31934524: BIG-IP SNAT vulnerability CVE-2021-22998
Security Advisory Description SYN flood protection thresholds are not enforced in secure network address translation SNAT listeners. CVE-2021-22998 Impact Connections to SNAT listeners are not bound by SYN cookie thresholds, leaving them potentially vulnerable to SYN flood class attacks. This iss...
K68146245: Apache Pulsar vulnerability CVE-2021-22160
Security Advisory Description If Apache Pulsar is configured to authenticate clients using tokens based on JSON Web Tokens JWT, the signature of the token is not validated if the algorithm of the presented token is set to "none". This allows an attacker to connect to Pulsar instances as any user...
K34144932: libwww-perl vulnerability CVE-2014-3230
Security Advisory Description When libwww-perl LWP uses IO::Socket::SSL and when the HTTPSCADIR or HTTPSCAFILE environment variables are set, server certificate verification is disabled. CVE-2014-3230 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory...
K41613034: NTP vulnerability CVE-2016-2519
Security Advisory Description ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service ntpd abort by a large request data value, which triggers the ctlgetitem function to return a NULL value. CVE-2016-2519 Improper restriction of operations within th...
K37708118: BIG-IP DNS profile vulnerability CVE-2023-22839
Security Advisory Description When a DNS profile with the Rapid Response Mode setting enabled is configured on a virtual server with hardware SYN cookies enabled, undisclosed requests cause the Traffic Management Microkernel TMM to terminate. CVE-2023-22839 Impact Traffic is disrupted while the T...
SOL15535113 - MySQL vulnerability CVE-2016-5632
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL09417637 - Samba vulnerability CVE-2015-3223
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL39250133 - glibc vulnerability CVE-2015-8779
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL43552605 - Out-of-bounds memory vulnerability with the BIG-IP APM system CVE-2015-8098
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL15933 - NTP vulnerability CVE-2014-9296
Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...
SOL8874 - OpenSSL packages contain a predictable random number generator - VU#925211
A vulnerability in the OpenSSL package included with the Debian GNU/Linux operating system and its derivatives may cause weak cryptographic keys to be generated. Information about this advisory is available at the following location:...
SOL2232 - checktrap.pl script may be vulnerable to remote command execution
The checktrap.pl script may be vulnerable to remote command execution. F5 Networks Product Development tracked this issue as CR35371 and CR35372, and it was fixed in BIG-IP and 3-DNS version 4.5.12 for the 4.5 software branches and in version 4.6.3 for the 4.6 software branches. Obtaining and...
SOL6806 - ClamAV UPX heap overflow Vulnerability - CVE-2006-4018
The FirePass controller can be configured to provide anti-virus scanning of files uploaded through Portal Access through the ClamAV open source software. A vulnerability in ClamAV 0.88.4 and earlier versions could allow a remote attacker to crash the scanner process or execute code remotely using...
SOL6592 - Cross-Site Scripting vulnerability in the logon page
A cross-site scripting XSS vulnerability exists in the FirePass logon page. The affected FirePass logout URL fails to fully sanitize URL input before the web page content is sent to the browser. It is possible for an attacker to create web pages or emails with URLs that include executable code or...
SOL5725 - pam_ldap password policy control vulnerability CAN-2005-2641
The pamldap authentication module may allow clients to authenticate with lower security ciphers than are normally required when the clients have been referred from another LDAP server. F5 Product Development tracked this issue as CR54024 and it was fixed in BIG-IP LTM 9.1.3 for the 9.1 software...
SOL3082 - Multiple vulnerabilities in OpenSSL - CAN-2004-0081, CAN-2004-0079, CAN-2004-0112
F5 Product Development tracked this issue and it was fixed in BIG-IP and 3-DNS 4.5.11 and 4.6.1. Obtaining and installing patches The TA04-078A patch has been issued for BIG-IP and 3-DNS 4.5.9 and 4.6. You may download the TA04-078A patch by navigating to the BIG-IP BIG-IP v4.x 4.5 section of the...