SOL17119 - MySQL vulnerability CVE-2015-2576
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL17125 - Multiple Java vulnerabilities
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL17118 - Linux kernel vulnerability CVE-2015-2042
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can...
SOL17114 - NTP vulnerability CVE-2015-5146
A flaw was found in the way ntpd processed certain remote configuration packets. CVE-2015-5146 - pending An attacker could use a specially crafted package to cause ntpd to become unresponsive when all of the following conditions are met: The ntpd configuration has enabled remote configuration. Th...
SOL17123 - Apache Tomcat vulnerability CVE-2014-0230
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL17126 - Apache Struts vulnerability CVE-2014-7809
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...
SOL17121 - Linux network subsystem vulnerabilities CVE-2014-8160, CVE-2014-8172, CVE-2014-8173, CVE-2014-9428, CVE-2014-9644, CVE-2015-0274, and CVE-2015-2041
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL17112 - ikiwiki cross-site scripting via openid_identifier vulnerability CVE-2015-2793
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...
SOL17061 - Multiple PHP vulnerabilities
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL17049 - PHP vulnerability CVE-2015-4598
Important: Although the software of the affected F5 products contains the vulnerable code, the affected F5 products do not use the vulnerable code in a way that exposes the vulnerability in a standard configuration. An attacker must have local shell access to the affected F5 products to trigger ...
SOL17070 - PHP vulnerability CVE-2015-4021
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL17079 - Java SE vulnerabilities CVE-2015-2590 and CVE-2015-4732
Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...
SOL16961 - TLS MAC error vulnerability
Vulnerability Recommended Actions None Acknowledgements F5 would like to acknowledge Yngve N. Pettersen of TLS Prober Labs for bringing this issue to our attention, and for following the highest standards of responsible disclosure. Supplemental Information SOL9970: Subscribing to email...
SOL17028 - PHP vulnerabilities CVE-2015-3411 and CVE-2015-3412
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL17057 - QEMU vulnerabilities CVE-2015-3214, CVE-2015-5154, and CVE-2015-5158
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...
SOL17025 - BIND DNSSEC vulnerability CVE-2010-0097
ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records. CVE-2010-0097...
SOL16909 - BIND vulnerability CVE-2015-5477
1 These versions are vulnerable if a self IP address or management IP address is configured to allow inbound connections on port 53. 2 These versions are vulnerable if a DNS profile is configured with the Use BIND Server on BIG-IP option enabled by default. 3 These versions are vulnerable if...
SOL16912 - BIND vulnerability CVE-2015-4620
Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...
SOL16908 - Apache HTTPD vulnerability CVE-2011-4415
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can...
SOL16907 - Apache HTTPD vulnerability CVE-2011-3607
Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted...
SOL16983 - PCRE library vulnerability CVE-2015-2325
Although the BIG-IP/BIG-IQ/Enterprise Manager software contains the vulnerable code, BIG-IP/BIG-IQ/Enterprise Manager does not use the vulnerable code in a way that exposes the vulnerability. An attacker must have local access to BIG-IP/BIG-IQ/Enterprise Manager to trigger an exploit, which the...
SOL16993 - PHP vulnerabilities CVE-2015-4025 and CVE-2015-4026
Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...
SOL16990 - zlib 1.2.2 vulnerability CVE-2005-1849
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...
SOL16904 - OpenSSL ssleay_rand_byte(s) regression CVE-2015-3216
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL16984 - PCRE library vulnerability CVE-2015-2326
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can...
SOL16976 - PHP vulnerability CVE-2015-1352
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...
SOL16965 - bzip2 vulnerabilities CVE-2005-0953 and CVE-2005-1260
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...
SOL16970 - TLS Finish Message vulnerability
The BIG-IP system does not verify every byte in the Finished message of a TLS handshake...
SOL16954 - Multiple PHP CDF vulnerabilities CVE-2014-0237 and CVE-2014-0238
CVE-2014-0237 The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls. CVE-2014-0238 The cdf_read_property_info function in cdf.c...
SOL16903 - Microsoft Schannel vulnerability CVE-2015-1637
1 BIG-IP Edge Client for Windows uses Schannel.dll directly and indirectly through WinINet for HTTPS communication with Microsoft Windows. F5 recommends that users apply the applicable Microsoft update posted at . This link takes you to a resource outside of AskF5, and the third party could remov...
SOL16950 - SQLite vulnerability CVE-2015-3416
Although the software of the affected F5 products contains the vulnerable code, the affected F5 products do not use the vulnerable code in a way that exposes the vulnerability in a standard configuration. An attacker must have local shell access to the affected F5 products to trigger an exploit...
SOL16946 - Boost memory allocator vulnerability CVE-2012-2677
Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...
SOL16948 - Apache Tomcat vulnerability CVE-2007-1858
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL16945 - Mailx vulnerabilities CVE-2004-2771 and CVE-2014-7844
CVE-2014-7844 The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address. CVE-2004-2771 A flaw was found in the way mailx handled the parsing of email addresses...
SOL16949 - Expat vulnerabilities CVE-2012-0876 and CVE-2012-1148
Important: Certain product versions contain the affected code; however, those product versions do not parse untrusted XML input, and are, therefore, not exploitable. Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can...
SOL16939 - Multiple Wireshark vulnerabilities
CVE-2014-6421 Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service (application crash) via a crafted packet that leverages split memory ownership between the SDP and RTP dissectors. CVE-2014-6422 The SDP dissector ...
SOL16900 - Multiple FreeType vulnerabilities
1 The FreeType package exists on the BIG-IP system but is not used in a way that exposes this vulnerability. Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed...
SOL16940 - Multiple Wireshark vulnerabilities
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL16871 - logrotate vulnerability CVE-2011-1155
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can...
SOL16937 - OpenSSL vulnerability CVE-2015-1793
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. F5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity value...
SOL16865 - GNU C Library (glibc) vulnerability CVE-2015-1781
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Although the BIG-IP, BIG-IQ, and Enterprise Manager software contains the vulnerable code, BIG-IP, BIG-IQ, and Enterprise...
SOL16938 - OpenSSL vulnerability CVE-2015-1788
The Client Authentication setting of "ignore" does not expose the vulnerability. BIG-IP Edge Client-initiated connections are vulnerable only when connecting to a malicious server that is representing itself as a BIG-IP APM system. iOS devices using the BIG-IP Edge Client 2.0.5 or 2.0.6 are...
SOL16864 - SSL/TLS RC4 vulnerability CVE-2015-2808
Refer to the FirePass section of the Vulnerability Recommended Actions section. Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be no...
SOL16869 - logrotate vulnerability CVE-2011-1098
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can...
SOL16870 - logrotate vulnerability CVE-2011-1154
Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...
SOL16872 - Java Runtime Environment vulnerability CVE-2013-4002
Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...
SOL16914 - OpenSSL vulnerability CVE-2015-1791
For BIG-IP, Enterprise Manager, and BIG-IQ systems, the vulnerable code exists on the system; however, it is not used in the way that exposes the system to the vulnerability. For LineRate systems, the vulnerable code exists on the system; however, it is not used in the way that exposes the system...
SOL16915 - OpenSSL vulnerability CVE-2015-1792
For BIG-IP, Enterprise Manager, and BIG-IQ systems, the vulnerable code exists on the system; however, it is not used in the way that exposes the system to the vulnerability. While BIG-IP v12.0.0 ships with an OpenSSL version prior to 1.0.1n, the libraries necessary to fix the issue were merged...
SOL16898 - PKCS #7 vulnerability CVE-2015-1790
The BIG-IP data plane is not vulnerable to this CVE. The control plane is only vulnerable when a locally authenticated attacker uses the OpenSSL command line tool. While BIG-IP v12.0.0 ships with an OpenSSL version prior to 1.0.1n, the libraries necessary to fix the issue were merged with the...
SOL16913 - OpenSSL vulnerability CVE-2015-1789
For BIG-IP, BIG-IQ, and Enterprise Manager systems, the vulnerable code exists in the OpenSSL package; however, the code is not used in a way that would make an exploit possible. While BIG-IP v12.0.0 ships with an OpenSSL version prior to 1.0.1n, the libraries necessary to fix the issue were merg...