SOL15405 - OpenSSL 0.9.8l vulnerability CVE-2009-4355
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL15401 - OpenSSL vulnerability CVE-2012-2333
Recommended action You can eliminate this vulnerability by running a version listed in the Versions known to be not vulnerable column in the previous table. If the Versions known to be not vulnerable column does not list a version that is higher than the version you are running, then no upgrade...
SOL15376 - OpenSSL 0.9.8k vulnerability CVE-2009-0789
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL15366 - OpenSSL DTLS vulnerability CVE-2009-1377
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL15369 - OpenSSL vulnerability CVE-2009-0591
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL15350 - OpenSSL vulnerability CVE-2008-1672
Recommended action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL15356 - OpenSSL vulnerability CVE-2014-0195
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow a...
SOL15349 - OpenSSL 0.9.8t Denial of Service via S/MIME msg vulnerability CVE-2006-7250
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL15358 - OpenSSL vulnerability CVE-2009-0590
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL15345 - GnuTLS vulnerability CVE-2014-3466
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL15278 - SSL renegotiation vulnerability CVE-2011-1473
Vulnerability Recommended Actions BIG-IP 11.x - 12.x BIG-IP 10.x FirePass Enterprise Manager ARX BIG-IP 11.x - 12.x If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does n...
SOL15351 - OpenSSL DTLS ChangeCipherSpec vulnerability CVE-2009-1386
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL15348 - OpenSSL DTLS Buffer vulnerability CVE-2009-1387
Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...
SOL15359 - OpenSSL vulnerability CVE-2009-1378
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL15355 - OpenSSL DTLS Buffer vulnerability CVE-2009-1379
Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. Supplemental...
SOL15341 - BIG-IP ASM Virtual Edition may run out of memory under certain DoS conditions
Vulnerability Recommended Actions To eliminate this vulnerability, upgrade to a version that is listed in the Versions known to be not vulnerable column in the previous table. To mitigate this vulnerability, you can perform one or more of the following procedures, depending on the traffic...
SOL15342 - OpenSSL vulnerability CVE-2014-3470
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate...
SOL15343 - OpenSSL vulnerability CVE-2014-0221
The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake. CVE-2014-0221...
SOL15328 - OpenSSL vulnerability CVE-2010-5298
Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists...
SOL15329 - SSL_MODE_RELEASE_BUFFERS vulnerability CVE-2014-0198
Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. Supplemental...
SOL15310 - Data Manager SQL Injection Remote Code Execution vulnerability CVE-2014-2949
Vulnerability Recommended Actions To mitigate this vulnerability, you can stop the Data Manager Service when not in use. To do so, perform the following procedure: Impact of action: Performing the following procedure should not have a negative impact on your system. 1. Log in as admin to Data...
SOL15316 - PHP vulnerability CVE-2013-4635
Recommended action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL15325 - OpenSSL vulnerability CVE-2014-0224
Client-side components

Product | Versions known to be vulnerable | Versions known to be not vulnerable | Vulnerable component or feature
---|---|---|---
BIG-IP LTM | 11.0.0 - 11.5.1 10.0.0 - 10.2.4 | 12.0.0 11.6.0 11.5.1 HF3 11.5.0 HF4 11.2.1 HF15 | Host-initiated SSL connections COMPAT SSL ciphers
BIG-...
SOL15314 - OpenSSL vulnerability CVE-2011-4577
Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. To...
SOL15313 - Java SE vulnerabilities CVE-2014-0456, CVE-2014-0457, and CVE-2014-2421
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL15315 - Java Open JDK vulnerability CVE-2014-0429
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL15320 - Apache vulnerability CVE-2014-0098
Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. ARX To mitigate th...
SOL15303 - PHP vulnerability CVE-2013-7345
Recommended action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL15318 - OpenSSL vulnerability CVE-2011-3207
Note: LineRate uses the specified vulnerable OpenSSL version, but CRL validation is not enabled, so the product is not vulnerable. Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed ...
SOL15322 - PHP vulnerability CVE-2014-0185
Recommended action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL15319 - Linux kernel TTY vulnerability CVE-2014-0196
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition...
SOL15317 - Linux kernel vulnerability CVE-2014-0101
The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an...
SOL15305 - OpenSSL vulnerability CVE-2004-0975
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL15300 - Apache HTTP Server mod_dav DoS vulnerability CVE-2013-6438
Recommended Action ARX If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. To mitigate th...
SOL15299 - Linux kernel vulnerability CVE-2013-2888
Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. To mitigate the ri...
SOL15301 - Linux kernel TCP ISN vulnerability CVE-2011-3188
Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. FirePass To protec...
SOL15304 - Linux kernel tcp_rcv_state_process vulnerability CVE-2012-6638
Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. F5 recommends that...
SOL15296 - list.jsp XSS vulnerability CVE-2014-3959
A cross-site scripting (XSS) vulnerability exists in list.jsp for the BIG-IP and Enterprise Manager Configuration utilities. CVE-2014-3959...
SOL15295 - OpenSSL vulnerability CVE-2014-0076
Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists...
SOL15277 - ICMP vulnerability CVE-1999-0524
Recommended action To mitigate this vulnerability, you can configure an upstream firewall to filter out ICMP type 13 & 14 from affected hosts. Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated...
SOL15274 - TCP reassembly vulnerability CVE-2014-3000
Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. If your LineRate...
SOL15273 - Apache vulnerability CVE-2012-0053
Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. ARX To mitigate th...
SOL15272 - PHP Vulnerability CVE-2013-4636
The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via an MP3 file that triggers incorrect MIME type detection during access to an finfo object...
SOL15282 - Apache Struts vulnerability CVE-2014-0114
F5 Product Development has determined that, although these specific product versions use a version of Apache Struts that has not been patched specifically for CVE-2014-0114, the Configuration utility inputs are appropriately sanitized to ensure these versions are not vulnerable to the issue...
SOL15262 - Apache Struts vulnerability CVE-2014-0113
Recommended action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL15261 - Apache Struts vulnerability CVE-2014-0112
Recommended action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL15260 - Apache Struts vulnerability CVE-2014-0094
Recommended action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL15250 - BIND vulnerability CVE-2014-3214
The prefetch implementation in named in ISC BIND 9.10.0, when a recursive nameserver is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a DNS query that triggers a response with unspecified attributes. CVE-2014-3214...
SOL15220 - iControl vulnerability CVE-2014-2928
Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...
SOL15229 - BIG-IQ / BIG-IP privilege escalation vulnerability CVE-2014-3220
If the BIG-IQ 4.1 system is used to discover a BIG-IP 11.3.0 or 11.4.0 system, an authenticated user on the BIG-IP system may be able to modify the password of another user, including an administrator. Recommended Action If the previous table lists a version in the Versions known to be not...