K72540690: BIG-IP high availability state mirroring vulnerability CVE-2020-5884

Security Advisory Description The default deployment mode for BIG-IP high availability HA pair mirroring is insecure. This is a control plane issue that is exposed only on the network used for mirroring. CVE-2020-5884 Impact On-path attackers may be able to read and modify data in transit...

K10441: Microsoft Active Template Library (ATL) vulnerabilities VU#456745

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

K16117: Multiple libvirt vulnerabilities

Security Advisory Description CVE-2013-4292 libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of service memory consumption via a large number of domain migrate parameters in certain RPC calls in 1 daemon/remote.c and 2 remote/remotedriver.c. CVE-2013-4399 The remoteClientFreeFunc...

K16128: Microsoft Schannel vulnerability CVE-2014-6321

Security Advisory Description Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via crafted...

K16118: libXfont vulnerabilities CVE-2014-0209, CVE-2014-0210 and CVE-2014-0211

Security Advisory Description CVE-2014-0209 Multiple integer overflows in the 1 FontFileAddEntry and 2 lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the...

K92800352: NTP vulnerability CVE-2016-4953

Security Advisory Description ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service ephemeral-association demobilization by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time. CVE-2016-4953 Impact There is no impact; F5 products...

K16108: BIND vulnerability CVE-2014-8680

Security Advisory Description The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service assertion failure and named exit via vectors related to 1 the lack of GeoIP databases for both IPv4 and IPv6, or 2 IPv6 support with certain options...

K07127032: TMM vulnerability CVE-2019-6624

Security Advisory Description An undisclosed traffic pattern sent to a BIG-IP UDP virtual server may lead to a denial-of-service DoS, if that virtual server is configured with a Protocol setting of UDP and has an associated UDP Protocol Profile with the Datagram LB option enabled. CVE-2019-6624...

K15315: Java Open JDK vulnerability CVE-2014-0429

Security Advisory Description Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51. CVE-2014-0429 Impact None. No F5 products are affected by this vulnerability. Security Advisory Status To determine if your release is known...

K15316: PHP vulnerability CVE-2013-4635

Security Advisory Description Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service application hang via a large argument to the jdtojewish function...

K15314: OpenSSL vulnerability CVE-2011-4577

Security Advisory Description OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service assertion failure via an X.509 certificate containing certificate-extension data associated with 1 IP address blocks or 2 Autonomous...

K33820305: runc vulnerability CVE-2021-30465

Security Advisory Description runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack th...

K15892: Oracle Database Server vulnerabilities CVE-2013-3751, CVE-2013-3774, CVE-2014-4236, CVE-2014-4237, and CVE-2014-4245

Security Advisory Description CVE-2013-3751 Unspecified vulnerability in the XML Parser component in Oracle Database Server 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. CVE-2013-3774 Unspecified...

K15304: Linux kernel tcp_rcv_state_process vulnerability CVE-2012-6638

Security Advisory Description The tcprcvstateprocess function in net/ipv4/tcpinput.c in the Linux kernel before 3.2.24 allows remote attackers to cause a denial of service kernel resource consumption via a flood of SYN+FIN TCP packets. CVE-2012-6638 Impact Remote attackers may be able to cause a...

K15879: SOAP parser vulnerability CVE-2013-1824

Security Advisory Description The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue in the...

K15877: Apache vulnerability CVE-2013-1862

Security Advisory Description modrewrite.c in the modrewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequen...

K15875: cURL vulnerability CVE-2013-1944

Security Advisory Description The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL. CVE-2013-1944 Impact Allows unauthorized...

K15862: Multiple cURL and libcurl vulnerabilities CVE-2014-0015, CVE-2014-0138, and CVE-2014-0139

Security Advisory Description CVE-2014-0015 cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request. CVE-2014-0138 The default configuration in...

K15685: Linux kernel vulnerability CVE-2014-3940

Security Advisory Description The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a denial of service memory corruption or system crash by accessing certain memory locations, as demonstrated by triggering a race condition v...

K15683: Ruby vulnerability CVE-2013-4073

Security Advisory Description The OpenSSL::SSL.verifycertificateidentity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509...

K6612: BIND 9: Multiple DoS vulnerabilities VU#697164 and VU#915404

Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of F5...

K15663: MD2 Message-Digest Algorithm vulnerability CVE-2009-2409

Security Advisory Description The Network Security Services NSS library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2...

K15679: UEFI EDK2 Capsule Update vulnerabilities CVE-2014-4859 / CVE-2014-4860

Security Advisory Description CVE-2014-4859 During the Drive Execution Environment DXE phase of the UEFI boot process, the contents of the capsule image are parsed during processing. An integer overflow vulnerability exists in the capsule processing phase that can cause the allocation of a buffer...

K15677: Linux kernel vulnerability CVE-2014-4014

Security Advisory Description The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the...

K14468: Client-side component flaw CVE-2013-0150

Security Advisory Description A flaw in a BIG-IP APM or FirePass client-side F5-signed component may allow a third party to install files on the client machine. Impact Affected components may allow third party code execution on the affected client. There is no impact to the BIG-IP or FirePass hos...

K13233: TMM vulnerability CVE-2013-6016

Security Advisory Description The BIG-IP system may incorrectly transition a TCP connection to an ESTABLISHED state prior to receiving the appropriate ACK packet for the connection. As a result of this issue, you may encounter the following symptoms: The BIG-IP system sends a SIGFPE signal to the...

K3126: Large TCP window sizes may make it easier to predict sequence numbers vulnerability CVE-2004-0230

Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribing to email notifications regarding F5 products. Note : Versions that are not listed in this article have not been evaluated for vulnerability to this securit...

K48321015: The BIG-IP Advanced WAF and ASM systems may fail to correctly enforce HTML form login pages

Security Advisory Description The BIG-IP Advanced WAF and ASM systems may fail to correctly enforce HTML form login pages when the request contains an incorrectly formatted parameter. This issue occurs when the security policy includes a configuration that enables brute force protection for the...

K30500703: TMUI vulnerability CVE-2018-5511

Security Advisory Description When authenticated administrative users run commands in the Traffic Management User Interface TMUI, also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. CVE-2018-5511 Impact This vulnerability allows a privilege...

K18304067: The BIG-IP ASM system may fail to properly mask the value of a configured sensitive positional parameter that appears in a Referer header

Security Advisory Description The BIG-IP ASM system may fail to properly mask the value of a configured sensitive positional parameter that appears in a Referer header. This issue occurs when all of the following conditions are met: You configure a positional parameter for an Allowed URL in the...

K39794285: The BIG-IP system may fail to properly parse HTTP headers that are prepended by whitespace (non RFC2616 compliant)

Security Advisory Description The BIG-IP system may fail to properly parse HTTP headers that are prepended by whitespace. This issue occurs when all of the following conditions are met: A virtual server is associated with an HTTP profile. The BIG-IP system receives a specially crafted HTTP reques...

K39029022: Linux kernel vulnerability CVE-2021-37576

Security Advisory Description arch/powerpc/kvm/book3srtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtasargs.nargs, aka CID-f62f3c20647e. CVE-2021-37576 Impact There is no impact; F5 products are not affected by...

K12953: A Cross-Site Scripting (XSS) vulnerability exists in the BIG-IP ASM Web Scraping feature

Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...

K17189: Apache HTTP server vulnerability CVE-2008-0456

Security Advisory Description CRLF injection vulnerability in the modnegotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP...

K17201: Apache HTTP server vulnerability CVE-2008-0455

Security Advisory Description Cross-site scripting XSS vulnerability in the modnegotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitra...

K17200: PHP vulnerability CVE-2015-2783

Security Advisory Description ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service buffer over-read and application crash via a crafted length value in conjunction...

K17202: Apache HTTP server vulnerability CVE-2012-3502

Security Advisory Description The proxy functionality in 1 modproxyajp.c in the modproxyajp module and 2 modproxyhttp.c in the modproxyhttp module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remot...

K14059: CRIME vulnerability via the SPDY protocol CVE-2012-4930

Security Advisory Description The SPDY protocol 3, and earlier, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data. This allows man-in-the-middle attackers to obtain plain text HTTP headers by observing length differences during a series ...

K35246595: libarchive vulnerability CVE-2016-5418

Security Advisory Description The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file. CVE-2016-5418 Impact BIG-IP On BIG-IP and VIPRION platforms that...

K17382: OpenSSL vulnerability CVE-2010-4252

Security Advisory Description OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in ea...

K23734425: BIG-IP Configuration utility vulnerability CVE-2019-6600

Security Advisory Description When remote authentication is enabled for administrative users and all external users are granted the “guest” role, unsanitized values can be reflected to the client via the login page. This can lead to a cross-site scripting attack against unauthenticated clients...

K17458: Linux kernel vulnerability CVE-2015-1805

Security Advisory Description The 1 piperead and 2 pipewrite implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed copytouserinatomic and copyfromuserinatomic calls, which allows local users to cause a denial of service system crash or...

K17452: OpenSSH vulnerabilities CVE-2001-0361, CVE-2001-0572, CVE-2004-2069, CVE-2006-0225, and CVE-2006-0883

Security Advisory Description CVE-2001-0361 Implementations of SSH version 1.5, including 1 OpenSSH up to version 2.3.0, 2 AppGate, and 3 ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS1 version...

K17455: Multiple Jenkins vulnerabilities

Security Advisory Description CVE-2015-1806 It was found that the combination filter Groovy script could allow a remote attacker to potentially execute arbitrary code on a Jenkins master. CVE-2015-1807 It was found that when building artifacts, the Jenkins server would follow symbolic links,...

K17454: OpenSSL vulnerabilities CVE-2005-2946, CVE-2008-0891, and CVE-2012-2131

Security Advisory Description CVE-2005-2946 The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature...

K86285055: The BIG-IP ASM system may fail to mask sensitive parameter for an Allowed URL in the Referrer header and logs

Security Advisory Description The BIG-IP ASM system may fail to mask a sensitive parameter for an Allowed URL. This issue occurs when all of the following conditions are met: You configured an Allowed HTTP URL enabled with the following settings in a security policy: Check Flows to this URL URL i...

K88125023: Linux kernel vulnerabilities CVE-2019-16921, CVE-2019-18683, CVE-2019-18805

Security Advisory Description CVE-2019-16921 In the Linux kernel before 4.17, hnsroceallocucontext in drivers/infiniband/hw/hns/hnsrocemain.c does not initialize the resp data structure, which might allow attackers to obtain sensitive information from kernel stack memory, aka CID-df7e40425813...

K12636: Slowloris denial-of-service attack vulnerability CVE-2007-6750

Security Advisory Description The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service daemon outage via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the modreqtimeout module in versions before 2.2.15. CVE-2007-6750 Impact The Slowlori...

K7528: Heap-based buffer overflow vulnerability in ActiveX control

Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F5...

K79531634: OpenSSL vulnerability CVE-2002-0655

Security Advisory Description OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code. CVE-2002-0655 Impact There is no...