Lucene search
K

6413 matches found

F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•149 views

K15882: TLS1.x padding vulnerability CVE-2014-8730

Security Advisory Description Incorrect TLS padding may be accepted when terminating TLS 1.x CBC cipher connections. CVE-2014-8730 Impact Attackers may be able to calculate the plaintext of secure connections. Security Advisory Status F5 Product Development has assigned IDs 451218, 450804, and...

4.3CVSS7.6AI score0.1372EPSS
Exploits0Affected Software14
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•52 views

K15883: Net-SNMP vulnerability CVE-2012-2141

Security Advisory Description Array index error in the handlensExtendOutput2Table function in agent/mibgroup/agent/extend.c in Net-SNMP 5.7.1 allows remote authenticated users to cause a denial of service out-of-bounds read and snmpd crash via an SNMP GET request for an entry not in the extension...

3.5CVSS8.6AI score0.02167EPSS
Exploits0Affected Software12
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•66 views

K15863: Libtiff vulnerabilities CVE-2012-1173 and CVE-2012-2088

Security Advisory Description CVE-2012-1173 Multiple integer overflows in tiffgetimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the 1 gtTileSeparate or 2 gtStripSeparate function, leading to a...

7.5CVSS9.3AI score0.06918EPSS
Exploits0Affected Software17
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•24 views

K13108: TCP Packet Filtering Weakness - CERT VU#464113

Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribing to email notifications regarding F5 products. Note : Versions that are not listed in this article have not been evaluated for vulnerability to this securit...

6.5AI score
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•33 views

K13053402: TMM vulnerability CVE-2016-7468

Security Advisory Description An unauthenticated remote attacker may be able to disrupt services on F5 BIG-IP 11.4.1 - 11.5.4 devices with maliciously crafted network traffic. This vulnerability affects virtual servers associated with TCP profiles when the BIG-IP system's tm.tcpprogressive db...

5.9CVSS6.7AI score0.01766EPSS
Exploits0Affected Software10
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•53 views

K42842401: MySQL vulnerabilities CVE-2018-3145, CVE-2018-3155, CVE-2018-3156, CVE-2018-3161, and CVE-2018-3162

Security Advisory Description CVE-2018-3145 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Parser. Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protoco...

7.7CVSS6.7AI score0.03716EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•23 views

K4232: BIND version 8.4.4 and 8.4.5 vulnerability CAN-2005-0033

Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F5...

5CVSS7.2AI score0.11448EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•44 views

K4207: Buffer overflow in mod_include - CAN-2004-0940

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

6.2AI score
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•37 views

K41900062: Linux kernel vulnerability CVE-2017-15127

Security Advisory Description A flaw was found in the hugetlbmcopyatomicpte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VMSHARED hugetlbfs mapping could trigger a local denial of service BUG. CVE-2017-15127 Impact There is no impact; F5 product...

5.5CVSS5.7AI score0.00379EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•51 views

K32734107: BIG-IP APM vulnerability CVE-2021-23052

Security Advisory Description An open redirect vulnerability exists on virtual servers enabled with a BIG-IP APM access policy. This vulnerability allows an unauthenticated malicious user to build an open redirect URI. CVE-2021-23052 Impact An unauthenticated attacker can create an open redirect...

6.1CVSS6.1AI score0.00581EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•33 views

K30446705: GnuTLS vulnerability CVE-2020-13777

Security Advisory Description GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3. The earliest affected version is 3.6.4 2018-09-24 because of an error in a 2018-09-18 commit. Until t...

7.4CVSS7.6AI score0.17507EPSS
Exploits3
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•97 views

K16430721: IP forwarding vulnerability CVE-1999-0511

Security Advisory Description IP forwarding is enabled on a machine which is not a router or firewall. CVE-1999-0511 Impact F5 products are not affected by this vulnerability in default configurations. However, Nessus or similar scanning tools may send alerts for BIG-IP systems in the following...

9.1CVSS6.5AI score0.06908EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•105 views

K17133899: Multiple Treck TCP/IP stack vulnerabilities

Security Advisory Description CVE-2020-11896 The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, related to IPv4 tunneling. CVE-2020-11897 The Treck TCP/IP stack before 5.0.1.35 has an Out-of-Bounds Write via multiple malformed IPv6 packets. CVE-2020-11898 The Treck TCP/IP stack...

10CVSS6.5AI score0.36965EPSS
Exploits21
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•52 views

K15725: Multiple 5.5.x and 5.6.x MySQL vulnerabilities

Security Advisory Description CVE-2014-6507 Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML. CVE-2014-6491 Unspecified...

7.5CVSS6.8AI score0.14784EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•63 views

K15699: Linux kernel vulnerability CVE-2014-0131

Security Advisory Description Use-after-free vulnerability in the skbsegment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. CVE-2014-0131 Impact...

2.9CVSS5.4AI score0.00675EPSS
Exploits2Affected Software17
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•71 views

K15680: Linux kernel vulnerabilities CVE-2014-3917, CVE-2014-0205 and CVE-2014-4667

Security Advisory Description Description CVE-2014-3917 kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIGAUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service OOPS via...

6.9CVSS7.2AI score0.05926EPSS
Exploits1Affected Software18
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•39 views

K15783: Kerberos vulnerability CVE-2013-1417

Security Advisory Description dotgsreq.c in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 1.11 before 1.11.4, when a single-component realm name is used, allows remote authenticated users to cause a denial of service daemon crash via a TGS-REQ request that triggers an attempted...

3.5CVSS7.1AI score0.01932EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•55 views

K15745: Multiple Oracle Java vulnerabilities

Security Advisory Description CVE-2014-6513 Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. CVE-2014-6532 Unspecified vulnerability in Oracle Jav...

10CVSS6.8AI score0.05639EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•39 views

K15156: OpenSSH vulnerability CVE-2009-2904

Security Advisory Description A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux RHEL 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files withi...

6.9CVSS7.6AI score0.00318EPSS
Exploits0Affected Software7
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•51 views

K11009429: MySQL vulnerabilities CVE-2018-3170, CVE-2018-3171, CVE-2018-3173, CVE-2018-3174, and CVE-2018-3182

Security Advisory Description CVE-2018-3170 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DDL. Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols...

6.5CVSS6.4AI score0.02673EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•43 views

K03073656: X.Org X server vulnerability CVE-2018-14665

Security Advisory Description A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and...

7.2CVSS7.2AI score0.2704EPSS
Exploits39
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•58 views

K03151140: ImageMagick vulnerability CVE-2016-3714

Security Advisory Description The 1 EPHEMERAL, 2 HTTPS, 3 MVG, 4 MSL, 5 TEXT, 6 SHOW, 7 WIN, and 8 PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick." CVE-2016-3714 Impac...

10CVSS6.8AI score0.97485EPSS
Exploits11Affected Software10
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•259 views

K12331123: NGINX Plus and Open Source vulnerability CVE-2021-23017

Security Advisory Description An issue in NGINX resolver may allow an attacker who is able to forge UDP packets from the specified DNS server to cause a 1-byte memory overwrite, resulting in a worker process crash or other unspecified impact. CVE-2021-23017 Impact A remote attacker can cause a...

7.7CVSS8.3AI score0.53461EPSS
Exploits10Affected Software3
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•29 views

K12234501: BIG-IP virtual server vulnerability CVE-2020-5883

Security Advisory Description When a virtual server is configured with HTTP explicit proxy and has an attached HTTPPROXYREQUEST iRule, POST requests sent to the virtual server cause an xdata memory leak. CVE-2020-5883 Impact The BIG-IP system may become vulnerable to conditions that result when i...

7.5CVSS7.4AI score0.01276EPSS
Exploits0Affected Software10
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•63 views

K08250500: Nginx vulnerability CVE-2016-4450

Security Advisory Description os/unix/ngxfiles.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service NULL pointer dereference and worker process crash via a crafted request, involving writing a client request body to a temporary file. CVE-2016-4450...

7.5CVSS7.4AI score0.16376EPSS
Exploits0Affected Software7
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•43 views

K99123750: BIG-IP Stream profile vulnerability CVE-2022-28701

Security Advisory Description When the stream profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.CVE-2022-28701 Impact System performance can degrade until the Traffic Management Microkernel TMM process is either forced to restart ...

7.5CVSS7.3AI score0.00868EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•76 views

K95463126: OpenSSL vulnerabilities CVE-2016-0703 and CVE-2016-0704

Security Advisory Description CVE-2016-0703 The getclientmasterkey function in s2srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, whic...

5.9CVSS8AI score0.82112EPSS
Exploits2
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•52 views

K93683207: Apache vulnerability CVE-2018-1333

Security Advisory Description By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 Affected 2.4.18-2.4.30,2.4.33. CVE-2018-1333 Impact There is no impact; F5...

7.5CVSS6.4AI score0.17103EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•53 views

K65043534: Multiple INTEL BIOS vulnerabilities

Security Advisory Description CVE-2017-5705 Multiple buffer overflows in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code. CVE-2017-5706 Multiple buffer overflows in kernel in Intel Server Platfo...

9CVSS8AI score0.04407EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•22 views

K58149033: Critical vulnerability in Apple iOS WebKit browser components can impact users of the BIG-IP APM F5 Access client

Security Advisory Description F5 Access is the SSL Virtual Private Network VPN client for BIG-IP APM systems. It is available for both desktop and mobile platforms in their respective app stores. For Android and Apple devices, F5 Access utilizes the operating system’s web browser WebKit to allow...

7.1AI score
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•83 views

K49549213: Advanced WAF and BIG-IP ASM brute force mitigation may fail when receiving a specially crafted request

Security Advisory Description F5 Advanced Web Application Firewall WAF and BIG-IP ASM brute force mitigation may fail. This issue occurs when all of the following conditions are met: A security policy is configured with a login page using basic authentication as its authentication type. The...

6.7AI score
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•32 views

K42534513: Multiple PeopleSoft Enterprise PeopleTools vulnerabilities

Security Advisory Description CVE-2018-3129 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products subcomponent: Portal. Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with...

6.1CVSS5.2AI score0.0211EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•28 views

K37130415: BIG-IQ Grafana vulnerability CVE-2020-5868

Security Advisory Description A remote access vulnerability has been discovered that may allow a remote user to run shell commands on affected systems using HTTP requests to the BIG-IQ user interface. CVE-2020-5868 Impact A remote attacker may be able to leverage the Grafana component to run loca...

10CVSS9AI score0.02248EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•59 views

K37046163: Kernel vulnerability CVE-2016-6480

Security Advisory Description Race condition in the ioctlsendfib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service out-of-bounds access or system crash by changing a certain size value, aka a "double fetch" vulnerability...

5.1CVSS5.9AI score0.00339EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•41 views

K15261: Apache Struts vulnerability CVE-2014-0112

Security Advisory Description ParametersInterceptor in Apache Struts before 2.3.16.2 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. CVE-2014-0112 Impact None. F5 products do...

7.5CVSS8.2AI score0.98094EPSS
Exploits6
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•32 views

K15274: TCP reassembly vulnerability CVE-2014-3000

Security Advisory Description The TCP reassembly function in the inet module in FreeBSD 8.3 before p16, 8.4 before p9, 9.1 before p12, 9.2 before p5, and 10.0 before p2 allows remote attackers to cause a denial of service undefined memory access and system crash or possibly read system memory via...

7.8CVSS6.8AI score0.12824EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•47 views

K15262: Apache Struts vulnerability CVE-2014-0113

Security Advisory Description CookieInterceptor in Apache Struts before 2.3.16.2, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request...

7.5CVSS8.2AI score0.78451EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•33 views

K14712: The BIG-IP APM access policy logout page may be vulnerable to XSS cookie tampering CVE-2013-5976

Security Advisory Description Description The BIG-IP APM access policy logout page may be vulnerable to cross-site scripting XSS. Impact XSS protection in the BIG-IP APM access policy logout page may be insufficient. Security Advisory Status F5 Product Development tracked this vulnerability as ID...

6.2AI score
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•56 views

K11830089: BIG-IP Advanced WAF and ASM iControl REST vulnerability CVE-2022-41617

Security Advisory Description When the F5 BIG-IP Advanced WAF or BIG-IP ASM module is provisioned, an authenticated remote code execution vulnerability exists in the BIG-IP iControl REST interface. CVE-2022-41617 Impact On systems deployed in Standard or Appliance mode, this vulnerability may all...

7.2CVSS7.4AI score0.011EPSS
Exploits0Affected Software2
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•29 views

K10366: BIND vulnerability - CVE-2009-0696

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of F5...

4.3CVSS6.7AI score0.12649EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•30 views

K95434410: TMM vulnerability CVE-2019-6629

Security Advisory Description Undisclosed SSL traffic to a virtual server configured with a Client SSL profile may cause TMM to fail and restart. The Client SSL profile must have session tickets enabled and use DHE cipher suites to be affected. This only impacts the data plane, there is no impact...

7.5CVSS7.5AI score0.01309EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•30 views

K4256: RADIUS integer overflow vulnerability CAN-2005-0108

Security Advisory Description Apache modauthradius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service crash via a RADIUSREPLYMESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument. Note: Versions that a...

6.4AI score
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•50 views

K44611310: MySQL vulnerability CVE-2015-0411

Security Advisory Description Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption. CVE-2015-0411 Impact Through...

7.5CVSS5.9AI score0.10038EPSS
Exploits0Affected Software14
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•33 views

K54562183: BIG-IP PEM vulnerability CVE-2018-5503

Security Advisory Description TMM may restart when processing a specifically crafted page through a virtual server with an associated PEM policy that has content insertion as an action. CVE-2018-5503 Impact An attacker may be able to cause a remote denial of service DoS. Security Advisory Status ...

7.5CVSS7.6AI score0.01776EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 7:58 p.m.•36 views

K16480: Multiple unzip vulnerabilities CVE-2014-8139, CVE-2014-8140, and CVE-2014-8141

Security Advisory Description CVE-2014-8139 A buffer overflow flaw was found in the way unzip computed the CRC32 checksum of certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash when the archive was tested with unzip's '-t' option. CVE-2014-8140 An integer...

7.8CVSS7.6AI score0.07448EPSS
Exploits0Affected Software21
F5 Networks
F5 Networks
•added 2023/02/21 7:58 p.m.•29 views

K17597093: 389-ds-base vulnerability CVE-2017-15135

Security Advisory Description It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the...

8.1CVSS7.9AI score0.03828EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:58 p.m.•51 views

K15189: Apache Commons FileUpload vulnerability CVE-2014-0050

Security Advisory Description MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service infinite loop and CPU consumption via a crafted Content-Type header that bypasses a loop's...

7.5CVSS7.3AI score0.83175EPSS
Exploits8Affected Software14
F5 Networks
F5 Networks
•added 2023/02/21 7:58 p.m.•36 views

K15155: OpenSSH vulnerability CVE-2007-3102

Security Advisory Description Unspecified vulnerability in the linuxauditrecordevent function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote attackers to write arbitrary characters to an audit log via a crafted username. CVE-2007-3102 Impact None. F5 products...

4.3CVSS6.6AI score0.02342EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:58 p.m.•64 views

K15154: NTP vulnerability CVE-2013-5211

Security Advisory Description The monlist feature in ntprequest.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service traffic amplification via forged 1 REQMONGETLIST or 2 REQMONGETLIST1 requests, as exploited in the wild in December 2013. CVE-2013-5211 Impact A...

5CVSS6.6AI score0.97755EPSS
Exploits23Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 7:58 p.m.•27 views

K15147: OpenSSL vulnerability CVE-2013-6449

Security Advisory Description The sslgetalgorithm2 function in ssl/s3lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service daemon crash via crafted traffic from a TLS 1.2 client. CVE-2013-6449...

4.3CVSS7.3AI score0.21174EPSS
Exploits0Affected Software10
Total number of security vulnerabilities6413