6294 matches found

F5 Networks
added 2023/02/21 6:17 p.m. | 39 views

K5278: Apache mod_ssl SSLVerifyClient bypass - CAN-2005-2700

Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F5...

CVSS 10 | AI score 6.5 | EPSS 0.30576
Exploits: 0
F5 Networks
added 2023/02/21 6:16 p.m. | 27 views

K38243073: BIG-IP ASM data processing vulnerability CVE-2017-6154

Security Advisory Description The BIG-IP ASM bd process may produce a core file under some circumstances when processing undisclosed types of data on systems with 48 or more CPU cores. CVE-2017-6154 Impact The BIG-IP ASM bd process produces a core file, interrupting traffic processing and causing ...

CVSS 7.5 | AI score 7.5 | EPSS 0.01759
Exploits: 0 | Affected Software: 1
F5 Networks
added 2023/02/21 6:16 p.m. | 36 views

K93504311: TMM vulnerability CVE-2022-34655

Security Advisory Description When an iRule containing the HTTP::payload command is configured on a virtual server, undisclosed traffic can cause Traffic Management Microkernel (TMM) to terminate. CVE-2022-34655 Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows a...

CVSS 7.5 | AI score 7.5 | EPSS 0.00668
Exploits: 0 | Affected Software: 13
F5 Networks
added 2023/02/21 6:16 p.m. | 37 views

K02433339: Linux kernel vulnerability CVE-2017-15128

Security Advisory Description A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13.12. A lack of size check could cause a denial of service (BUG). CVE-2017-15128 Impact There is no impact; F5 products are not affected by this vulnerability. Security...

CVSS 5.5 | AI score 5.7 | EPSS 0.00419
Exploits: 0
F5 Networks
added 2023/02/21 6:16 p.m. | 35 views

K37540306: Mozilla Network Security Services use-after-free vulnerability CVE-2016-1978

Security Advisory Description Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact b...

CVSS 7.5 | AI score 8.2 | EPSS 0.02386
Exploits: 0
F5 Networks
added 2023/02/21 6:16 p.m. | 26 views

K10898: DNSSEC BIND vulnerability - CVE-2009-4022

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of F5...

CVSS 2.6 | AI score 7.4 | EPSS 0.07952
Exploits: 1
F5 Networks
added 2023/02/21 6:15 p.m. | 17 views

K7164: Execution of UNIX shell commands from a URL without authentication

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

AI score 6.8
Exploits: 0
F5 Networks
added 2023/02/21 6:15 p.m. | 31 views

K6634: pam_ldap vulnerability - CVE-2005-2641

Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of F5...

CVSS 7.5 | AI score 6.4 | EPSS 0.03645
Exploits: 0
F5 Networks
added 2023/02/21 6:15 p.m. | 27 views

K15797: Linux kernel vulnerability CVE-2012-4461

Security Advisory Description The KVM subsystem in the Linux kernel before 3.6.9, when running on hosts that use qemu userspace without XSAVE, allows local users to cause a denial of service (kernel OOPS) by using the KVM_SET_SREGS ioctl to set the X86_CR4_OSXSAVE bit in the guest cr4 register, then...

CVSS 1.9 | AI score 5.7 | EPSS 0.00356
Exploits: 0 | Affected Software: 17
F5 Networks
added 2023/02/21 6:15 p.m. | 67 views

K16120: OpenSSL vulnerability CVE-2014-3570

Security Advisory Description The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified...

CVSS 5 | AI score 6.4 | EPSS 0.2132
Exploits: 0 | Affected Software: 3
F5 Networks
added 2023/02/21 6:15 p.m. | 220 views

K15782: SQL injection vulnerability CVE-2014-3704

Security Advisory Description The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys. CVE-2014-3704 Impact None...

CVSS 7.5 | AI score 7.2 | EPSS 0.99974
Exploits: 20
F5 Networks
added 2023/02/21 6:15 p.m. | 691 views

K15780: OpenSSH vulnerabilities CVE-2014-2532 and CVE-2014-2653

Security Advisory Description CVE-2014-2653 The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate. CVE-2014-2532 sshd in OpenSSH before 6.6 does not...

CVSS 6.5 | AI score 6.8 | EPSS 0.04751
Exploits: 2 | Affected Software: 20
F5 Networks
added 2023/02/21 6:15 p.m. | 40 views

K50899356: file vulnerability CVE-2018-10360

Security Advisory Description The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. CVE-2018-10360 Impact This vulnerability may allow a remote attacker to cause a...

CVSS 6.5 | AI score 6.2 | EPSS 0.0341
Exploits: 0 | Affected Software: 1
F5 Networks
added 2023/02/21 6:15 p.m. | 23 views

K5165: rsync directory traversal vulnerability CAN-2004-0792

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

CVSS 6.4 | AI score 6.3 | EPSS 0.02317
Exploits: 0
F5 Networks
added 2023/02/21 6:15 p.m. | 39 views

K34352169: Apache Struts vulnerability CVE-2012-0393

Security Advisory Description The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object. CVE-2012-0393...

CVSS 6.4 | AI score 9 | EPSS 0.38261
Exploits: 1
F5 Networks
added 2023/02/21 6:15 p.m. | 38 views

K17527: NTP vulnerability CVE-2015-7705

Security Advisory Description The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests. CVE-2015-7705 Impact An attacker with the ability to spoof multiple client requests may be able to...

CVSS 9.8 | AI score 6.6 | EPSS 0.12351
Exploits: 0 | Affected Software: 20
F5 Networks
added 2023/02/21 6:15 p.m. | 32 views

K17522: NTP vulnerability CVE-2015-7851

Security Advisory Description Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use '\' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary...

CVSS 6.5 | AI score 7 | EPSS 0.03942
Exploits: 1
F5 Networks
added 2023/02/21 6:15 p.m. | 24 views

K17521: NTP vulnerability CVE-2015-7849

Security Advisory Description Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets. CVE-2015-7849 Impact There is no impact; F5 products...

CVSS 8.8 | AI score 7.9 | EPSS 0.16848
Exploits: 0
F5 Networks
added 2023/02/21 6:15 p.m. | 12 views

K1882: Buffer Overflows in DNS Resolver Libraries vulnerability CAN-2002-19

Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F5...

AI score 7.9
Exploits: 0
F5 Networks
added 2023/02/21 6:15 p.m. | 63 views

K17173: OpenJDK vulnerability CVE-2015-4760

Security Advisory Description Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. CVE-2015-4760. Impact When your system is exploited by a locally authenticated attacker,...

CVSS 10 | AI score 4.5 | EPSS 0.08185
Exploits: 0 | Affected Software: 20
F5 Networks
added 2023/02/21 6:15 p.m. | 31 views

K16718: libTIFF vulnerability CVE-2010-2596

Security Advisory Description The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and 3.9.2, as used in tiff2ps, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF image, related to "downsampled OJPEG input." CVE-2010-2596 Impact...

CVSS 4.3 | AI score 8.8 | EPSS 0.02239
Exploits: 1
F5 Networks
added 2023/02/21 6:15 p.m. | 57 views

K16716: Multiple Mozilla NSS vulnerabilities

Security Advisory Description CVE-2013-1740 The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate...

CVSS 10 | AI score 8.4 | EPSS 0.06381
Exploits: 5 | Affected Software: 18
F5 Networks
added 2023/02/21 6:15 p.m. | 150 views

K16674: TLS vulnerability CVE-2015-4000

Security Advisory Description The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE...

CVSS 4.3 | AI score 6.8 | EPSS 0.9986
Exploits: 0 | Affected Software: 16
F5 Networks
added 2023/02/21 6:15 p.m. | 58 views

K31301245: TMUI CSRF vulnerability CVE-2020-5904

Security Advisory Description A cross-site request forgery (CSRF) vulnerability in the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, exists in an undisclosed page. CVE-2020-5904 Impact An attacker may be able to use the session of an administrator user to...

CVSS 8.8 | AI score 8.5 | EPSS 0.00557
Exploits: 0 | Affected Software: 11
F5 Networks
added 2023/02/21 6:15 p.m. | 11 views

K6592: Cross-Site Scripting vulnerability in the logon page

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

AI score 6.1
Exploits: 0
F5 Networks
added 2023/02/21 6:14 p.m. | 37 views

K12567: BIND vulnerability CVE-2010-3614

Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...

CVSS 6.4 | AI score 7.7 | EPSS 0.1692
Exploits: 0
F5 Networks
added 2023/02/21 6:14 p.m. | 18 views

K33023560: BIG-IP APM Linux Edge Client logging vulnerability CVE-2020-5908

Security Advisory Description BIG-IP APM Edge Client for Linux exposes the full session ID in the local log files. CVE-2020-5908 Impact This vulnerability may allow unauthorized disclosure of the BIG-IP APM session ID and expose sensitive information to the user of the client device. Security...

CVSS 5.5 | AI score 5.2 | EPSS 0.00333
Exploits: 0 | Affected Software: 1
F5 Networks
added 2023/02/21 6:14 p.m. | 44 views

K32743437: OpenSSL vulnerability CVE-2016-7056

Security Advisory Description A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys. CVE-2016-7056 Impact A malicious user with local access can recover Elliptic Curve Digital Signature Algorithm (ECDSA)...

CVSS 5.5 | AI score 7 | EPSS 0.00594
Exploits: 0 | Affected Software: 22
F5 Networks
added 2023/02/21 6:14 p.m. | 60 views

K21462542: OpenSSL vulnerability CVE-2017-3735

Security Advisory Description While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL since then...

CVSS 5.3 | AI score 6.6 | EPSS 0.17699
Exploits: 0 | Affected Software: 17
F5 Networks
added 2023/02/21 6:14 p.m. | 35 views

K22216037: TMM vulnerability CVE-2016-9245

Security Advisory Description Malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default "Normalize URI" configuration options used in iRules...

CVSS 5.9 | AI score 6 | EPSS 0.01377
Exploits: 0 | Affected Software: 10
F5 Networks
added 2023/02/21 6:14 p.m. | 36 views

K22454130: Linux kernel vulnerability CVE-2020-29534

Security Advisory Description An issue was discovered in the Linux kernel before 5.9.3. io_uring takes a non-refcounted reference to the files_struct of the process that submitted a request, causing execve to incorrectly optimize unshare_fd, aka CID-0f2122045b94. CVE-2020-29534 Impact There is no...

CVSS 7.8 | AI score 5.8 | EPSS 0.00454
Exploits: 1
F5 Networks
added 2023/02/21 6:14 p.m. | 45 views

K15158: OpenSSL vulnerability CVE-2013-6450

Security Advisory Description The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and...

CVSS 5.8 | AI score 7.3 | EPSS 0.14542
Exploits: 1 | Affected Software: 10
F5 Networks
added 2023/02/21 6:14 p.m. | 38 views

K15110: PHP Vulnerability CVE-2013-6420

Security Advisory Description The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cau...

CVSS 7.5 | AI score 8.1 | EPSS 0.34826
Exploits: 8
F5 Networks
added 2023/02/21 6:13 p.m. | 35 views

K15169: PHP vulnerability CVE-2013-4113

Security Advisory Description ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct...

CVSS 6.8 | AI score 9.9 | EPSS 0.05186
Exploits: 0 | Affected Software: 18
F5 Networks
added 2023/02/21 6:13 p.m. | 35 views

K81601350: BIG-IP PEM vulnerability CVE-2017-6144

Security Advisory Description When downloading the Type Allocation Code (TAC) database file via HTTPS, the server's certificate is not verified. Attackers in a privileged network position may be able to launch a man-in-the-middle attack against these connections. TAC databases are used in BIG-IP PE...

CVSS 7.4 | AI score 7.3 | EPSS 0.00599
Exploits: 0 | Affected Software: 1
F5 Networks
added 2023/02/21 6:13 p.m. | 37 views

K77241314: Python vulnerability CVE-2013-7440

Security Advisory Description The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate. CVE-2013-7440 Impact There is no impact; ...

CVSS 5.9 | AI score 5.7 | EPSS 0.01876
Exploits: 0
F5 Networks
added 2023/02/21 6:13 p.m. | 45 views

K70415522: TMM vulnerability CVE-2021-23035

Security Advisory Description When an HTTP profile is configured on a virtual server, after a specific sequence of packets, chunked responses can cause the Traffic Management Microkernel (TMM) to terminate. CVE-2021-23035 Impact Traffic is disrupted while the TMM process restarts. This vulnerabilit...

CVSS 7.5 | AI score 7.5 | EPSS 0.0092
Exploits: 0 | Affected Software: 13
F5 Networks
added 2023/02/21 6:13 p.m. | 34 views

K53442005: BIG-IP VE vulnerability CVE-2022-23030

Security Advisory Description When the BIG-IP Virtual Edition (VE) uses the ixlv driver (which is used in SR-IOV mode and requires Intel X710/XL710/XXV710 family of network adapters on the Hypervisor) and TCP Segmentation Offload configuration is enabled, undisclosed requests may cause an increase in...

CVSS 5.3 | AI score 5.3 | EPSS 0.00889
Exploits: 0 | Affected Software: 13
F5 Networks
added 2023/02/21 6:13 p.m. | 18 views

K5835: Security Advisory: Possible kernel memory vulnerability in the sendfile() system call - CVE-2005-0708

Security Advisory Description Note : Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about F5 Networks' security policy regarding evaluating older and unsupported versions of F5 Networks products, refer to K4602:...

CVSS 10 | AI score 6.3 | EPSS 0.02268
Exploits: 0
F5 Networks
added 2023/02/21 6:13 p.m. | 33 views

K23876153: BIG-IP APM Edge Client logging vulnerability CVE-2019-6656

Security Advisory Description BIG-IP APM Edge Client logs the full BIG-IP APM session ID in the log files. CVE-2019-6656 Impact This vulnerability may allow unauthorized disclosure of the BIG-IP APM session ID and expose sensitive information to the user of the client device. Security Advisory...

CVSS 7.5 | AI score 7.3 | EPSS 0.01356
Exploits: 0 | Affected Software: 2
F5 Networks
added 2023/02/21 6:13 p.m. | 45 views

K15532: XSS vulnerability in echo.jsp CVE-2014-4023

Security Advisory Description A cross-site scripting (XSS) vulnerability exists in tmui/dashboard/echo.jsp for the BIG-IP Configuration utility and the Enterprise Manager Configuration utility. Impact Some echo.jsp parameters may allow an attacker to bypass cross-site scripting (XSS) protection...

AI score 5.5
Exploits: 0 | Affected Software: 14
F5 Networks
added 2023/02/21 6:13 p.m. | 33 views

K15513: LZ4 vulnerability CVE-2014-4611

Security Advisory Description Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4_uncompress function in lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bit platforms might allow context-dependent attackers to cause a denial ...

CVSS 5 | AI score 7.2 | EPSS 0.08103
Exploits: 0
F5 Networks
added 2023/02/21 6:13 p.m. | 9 views

K23278332: A DNS over TCP packet is not rate-limited accurately using the single-endpoint DoS device flood vector

Security Advisory Description This issue occurs when all of the following conditions are met: Setting the correct DNS packet type in the denial-of-service (DoS) device sweep or flood vector. Matching traffic sends DNS over TCP. Impact The mitigation for DNS over TCP packets is not working as expect...

AI score 6.7
Exploits: 0
F5 Networks
added 2023/02/21 6:12 p.m. | 26 views

K15500: SSL acceleration card timing vulnerability CVE-2014-4024

Security Advisory Description SSL virtual servers in F5 BIG-IP systems 10.x before 10.2.4 HF9, 11.x before 11.2.1 HF12, 11.3.0 before HF10, 11.4.0 before HF8, 11.4.1 before HF5, 11.5.0 before HF5, and 11.5.1 before HF5, when used with third-party Secure Sockets Layer (SSL) accelerator cards, might...

CVSS 5.9 | AI score 6.1 | EPSS 0.0162
Exploits: 0 | Affected Software: 13
F5 Networks
added 2023/02/21 6:12 p.m. | 34 views

K15305: OpenSSL vulnerability CVE-2004-0975

Security Advisory Description The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files. CVE-2004-0975 Impact None. F5 products are not affected by this vulnerability...

CVSS 2.1 | AI score 5.6 | EPSS 0.00415
Exploits: 0
F5 Networks
added 2023/02/21 6:12 p.m. | 29 views

K01226413: The BIG-IP APM PingAccess component caching vulnerability may lead to user impersonation

Security Advisory Description This issue occurs when all of the following conditions are met: You configure Ping Identity Services in the BIG-IP APM system for user authentication and authorization. You are running a BIG-IP APM version using the Ping Access SDK that is vulnerable. Impact This...

AI score 6.7
Exploits: 0
F5 Networks
added 2023/02/21 6:12 p.m. | 36 views

K15250: BIND vulnerability CVE-2014-3214

Security Advisory Description The prefetch implementation in named in ISC BIND 9.10.0, when a recursive nameserver is enabled, allows remote attackers to cause a denial of service REQUIRE assertion failure and daemon exit via a DNS query that triggers a response with unspecified attributes...

CVSS 5 | AI score 7.5 | EPSS 0.17259
Exploits: 0
F5 Networks
added 2023/02/21 6:12 p.m. | 27 views

K17155: TMM vulnerability CVE-2015-4638

Security Advisory Description The Traffic Management Microkernel (TMM) may restart and produce a core file when a FastL4 virtual server processes a fragmented packet. CVE-2015-4638 Impact The Traffic Management Microkernel (TMM) may restart and temporarily fail to process traffic. Security Advisory...

CVSS 5 | AI score 6.5 | EPSS 0.01744
Exploits: 0 | Affected Software: 13
F5 Networks
added 2023/02/21 6:12 p.m. | 23 views

K17156: PHP vulnerability CVE-2014-5298

Security Advisory Description FileUploadsFilter.php in X2Engine 4.1.7 and earlier, when running on case-insensitive file systems, allows remote attackers to bypass the upload blacklist and conduct unrestricted file upload attacks by uploading a file with an executable extension that contains...

CVSS 5 | AI score 6.8 | EPSS 0.03002
Exploits: 2
F5 Networks
added 2023/02/21 6:12 p.m. | 49 views

K17136: Java and JRockit vulnerabilities CVE-2015-0478 and CVE-2015-0488

Security Advisory Description CVE-2015-0478 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect confidentiality via vectors related to JCE. Per Oracle: Applies to client and server deployment of Java. This vulnerability c...

CVSS 5 | AI score 4.9 | EPSS 0.04204
Exploits: 0 | Affected Software: 1

Total number of security vulnerabilities: 6294