K40084114: Overview of F5 vulnerabilities (January 2022)
Security Advisory Description On January 19, 2022, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associate...
K35421172: Excess resource consumption due to low MSS values vulnerability CVE-2019-11479
Security Advisory Description Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This...
K88628547: glibc vulnerability CVE-2019-6488
Security Advisory Description The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as...
K85796417: Samba vulnerability CVE-2018-16860
Security Advisory Description A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the...
K34162192: Apache log4j2 denial-of-service vulnerability CVE-2021-45105
Security Advisory Description Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string...
K75432956: BIG-IP ASM vulnerability CVE-2018-5539
Security Advisory Description Under certain conditions, on F5 BIG-IP ASM 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, 11.5.1-11.5.6, or 11.2.1, when processing CSRF protections, the BIG-IP ASM bd process may restart and produce a core file. CVE-2018-5539 Impact BIG-IP The affected BIG-IP AS...
K73370428: Linux kernel vulnerability CVE-2021-34866
Security Advisory Description This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.14-rc3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...
K71265658: Intel CSME vulnerability CVE-2019-0153
Security Advisory Description Buffer overflow in subsystem in Intel(R) CSME 12.0.0 through 12.0.34 may allow an unauthenticated user to potentially enable escalation of privilege via network access. CVE-2019-0153 Impact An attacker can exploit this vulnerability with Converged Security and Manageme...
K28241423: Linux kernel vulnerability CVE-2018-18559
Security Advisory Description In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The...
K30911244: Advanced WAF, BIG-IP ASM, and NGINX App Protect attack signature check failure
Security Advisory Description The F5 Advanced Web Application Firewall (Advanced WAF), BIG-IP ASM, and NGINX App Protect attack signature check may fail to detect and block certain HTTP requests when some signatures are disabled on the security policy and wildcard header. Impact The attack signatur...
K26618426: Linux SACK Slowness vulnerability CVE-2019-11478
Security Advisory Description Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This h...
K75501541: MySQL vulnerabilities CVE-2019-2481, CVE-2019-2482, CVE-2019-2486, CVE-2019-2494, and CVE-2019-2495
Security Advisory Description CVE-2019-2481 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attack...
K05263202: BIG-IP IPsec tunnel endpoint vulnerability CVE-2017-6156
Security Advisory Description When the BIG-IP system is configured with a wildcard IPsec tunnel endpoint, it may allow a remote attacker to disrupt or impersonate the tunnels that have completed phase 1 IPsec negotiations. The attacker must possess the necessary credentials to negotiate the phase...
K12685114: BIG-IP REST vulnerability CVE-2016-6249
Security Advisory Description F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log. It may allow local users to obtain sensitive information by reading these file...
K71249196: Python-Pillow vulnerability CVE-2021-25288
Security Advisory Description An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i. CVE-2021-25288 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the...
K11718033: TMM WebSocket vulnerability CVE-2018-5504
Security Advisory Description In some circumstances, the Traffic Management Microkernel (TMM) does not properly handle certain malformed WebSocket requests/responses, which allows remote attackers to cause a denial of service (DoS) or possible remote code execution on the BIG-IP system. CVE-2018-5504...
K79609038: Linux kernel vulnerability CVE-2016-10907
Security Advisory Description An issue was discovered in drivers/iio/dac/ad5755.c in the Linux kernel before 4.8.6. There is an out of bounds write in the function ad5755_parse_dt. CVE-2016-10907 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status...
K04826822: Intel Software Vulnerability CVE-2020-8766
Security Advisory Description Improper conditions check in the Intel(R) SGX DCAP software before version 1.6 may allow an unauthenticated user to potentially enable denial of service via adjacent access. CVE-2020-8766 Impact There is no impact; F5 products are not affected by this vulnerability...
K90059138: Oracle WebLogic Deserialization Remote Code Execution CVE-2019-2725
Security Advisory Description Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via...
K92327553: BlueZ and Intel Smart Sound Technology vulnerabilities CVE-2020-0556 and CVE-2020-0583
Security Advisory Description CVE-2020-0556 Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access CVE-2020-0583 Improper access control in the subsystem for Intel...
K91021753: Apache MINA vulnerability CVE-2022-45047
Security Advisory Description Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can...
K92451315: OpenSSL vulnerability CVE-2020-1968
Security Advisory Description The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to...
K6701: Possible logon through native RSA SecurID authentication without valid passcode
Security Advisory Description Important: Only customers using native RSA SecurID authentication are affected by this issue. No other forms of authentication, including authentication of SecurID using the RADIUS protocol (non-native SecurID authentication) are affected by this issue. Note: Versions...
K15439: Samba vulnerability CVE-2014-0244
Security Advisory Description The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet. CVE-2014-0244 Impact None. No F5 products are...
K63312282: BIG-IP LTM HTTP/2 desync attacks: request line injection
Security Advisory Description Multiple desync attacks have been discovered. For more information refer to the following related articles: K27144609: Overview of HTTP/2 desync attacks K30341203: BIG-IP LTM and NGINX are not exposed to certain desync attacks K97045220: BIG-IP LTM HTTP/2 desync...
K58192514: NSS vulnerability CVE-2017-7805
Security Advisory Description During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new...
K13275: PHP vulnerability CVE-2009-3293
Security Advisory Description Unspecified vulnerability in the imagecolortransparent function in PHP prior to version 5.2.11 has unknown impact and attack vectors related to an incorrect "sanity check for the color index." CVE-2009-3293 Impact None Security Advisory Status F5 Product Development...
K53437580: Apache vulnerabilities CVE-2016-0736 and CVE-2016-2161
Security Advisory Description CVE-2016-0736 In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryptio...
K55518036: GO vulnerability CVE-2021-31525
Security Advisory Description net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations. CVE-2021-31525 Impact There...
K13231: PHP vulnerability CVE-2009-2626
Security Advisory Description In PHP 5.3.0 and PHP 5.2.10 and earlier, the zend_restore_ini_entry_cb function in zend_ini.c allows context-specific attackers to obtain sensitive information (memory contents) and causes PHP to fail by using the ini_set function to declare a variable, and then using the...
K44808538: BIG-IP APM SAML SLO vulnerability CVE-2020-5934
Security Advisory Description When multiple HTTP requests from the same client to configured SAML Single Logout (SLO) URL are passing through a TCP Keep-Alive connection, traffic to the Traffic Management Microkernel (TMM) can be disrupted. CVE-2020-5934 Impact A remote attacker may be able to cause ...
K89002224: PHP vulnerability CVE-2016-7127
Security Advisory Description The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by providing...
K90603426: TMM with HTTP/2 vulnerability (CVE-2021-23009)
Security Advisory Description Malformed HTTP/2 requests may cause an infinite loop which causes a Denial of Service for Data Plane traffic. TMM takes the configured HA action when the TMM process is aborted. There is no control plane exposure, this is a data plane issue only. CVE-2021-23009 Impact...
K68816502: A BIG-IP LTM policy referencing an external data group may not match traffic
Security Advisory Description A BIG-IP LTM policy referencing an external data group may not match traffic. This issue occurs when the following conditions are met: The virtual server is configured with a BIG-IP LTM policy and an external data group. The BIG-IP system reboots or the Traffic...
K70191975: Apache Xerces vulnerability CVE-2016-4463
Security Advisory Description Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD. CVE-2016-4463 Impact An attacker requires privileged access to a dynamically generated XML file to exploit one of th...
K67397230: BIG-IP ASM, F5 Advanced WAF, and NGINX App Protect normalizing security exposure
Security Advisory Description The BIG-IP ASM, F5 Advanced Web Application Firewall (Advanced WAF), and NGINX App Protect systems incorrectly normalize undisclosed strings. Impact The attack signature check fails to detect and block such requests, as expected of a security policy. Symptoms As a resu...
K69309752: Apache HTTPD vulnerability CVE-2022-30556
Security Advisory Description Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread that point past the end of the storage allocated for the buffer. CVE-2022-30556 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory...
K30315990: OpenVPN vulnerability CVE-2016-6329
Security Advisory Description OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attac...
K15747621: Linux kernel vulnerability CVE-2020-28374
Security Advisory Description In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, ...
K35453761: cURL and libcurl vulnerability CVE-2017-2628
Security Advisory Description cURL, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVE_GSSAPI define was meanwhile substituted by USE_HTTP_NEGOTIATE. This issue was introduced in RH...
K14756743: OpenSSH vulnerability CVE-2021-28041
Security Advisory Description ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host. CVE-2021-28041 Impact There is...
K97521840: logback vulnerability CVE-2021-42550
Security Advisory Description In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers. CVE-2021-42550 Impact There is no impact; F5 products...
K08641512: glibc vulnerability CVE-2020-27618
Security Advisory Description The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in...
K10204425: PHP vulnerability CVE-2018-5712
Security Advisory Description An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file. CVE-2018-5712 Impact There is no impact; F5 products are not...
K37681312: PHP vulnerability CVE-2019-9020
Security Advisory Description An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xmlelemparsebu...
K67317871: Python Pillow vulnerability CVE-2016-4009
Security Advisory Description Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow. CVE-2016-4009 Impact There ...
K61705126: BIG-IP APM apd vulnerability CVE-2019-6661
Security Advisory Description When the BIG-IP APM system processes certain requests, the apd/apmd process may consume excessive resources. CVE-2019-6661 Impact BIG-IP APM When this vulnerability is exploited, the BIG-IP APM system may experience excessive resource consumption, which may cause one...
K10522033: Intel CSME and TXE vulnerability CVE-2019-0098
Security Advisory Description Logic bug vulnerability in subsystem for Intel(R) CSME before version 12.0.35, Intel(R) TXE before 3.1.65, 4.0.15 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. CVE-2019-0098 Impact An attacker with physical access to...
K35925420: Intel software vulnerabilities CVE-2020-8754, CVE-2020-8757, CVE-2020-8760, CVE-2020-12356
Security Advisory Description CVE-2020-8754 Out-of-bounds read in subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access. CVE-2020-8757 Out-of-bounds re...
K22441651: BIG-IP TMUI XSS vulnerability CVE-2019-6657
Security Advisory Description A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the BIG-IP Configuration utility. CVE-2019-6657 Impact An attacker may exploit this vulnerability using a crafted URL ...