Big-ip Advanced Firewall Manager@13.0.0 Security Vulnerabilities and Issues — Big-ip Advanced Firewall Manager@13.0.0 CVE List

Lucene search

F5Big-ip Advanced Firewall Manager13.0.0

17 matches found

CVE•added 2018/06/01 2:29 p.m.•57 views

CVE-2017-6153

Features in F5 BIG-IP 13.0.0-13.1.0.3, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 system that utilizes inflate functionality directly, via an iRule, or via the inflate code from PEM module are subjected to a service disruption via a "Zip Bomb" attack.

5.3CVSS5.3AI score0.00604EPSS

CVE•added 2018/04/13 1:29 p.m.•54 views

CVE-2018-5511

On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.

7.2CVSS7AI score0.0604EPSS

CVE•added 2018/04/13 1:29 p.m.•51 views

CVE-2017-6155

On F5 BIG-IP 13.0.0, 12.0.0-12.1.3.1, 11.6.0-11.6.2, 11.4.1-11.5.5, or 11.2.1, malformed SPDY or HTTP/2 requests may result in a disruption of service to TMM. Data plane is only exposed when a SPDY or HTTP/2 profile is attached to a virtual server. There is no control plane exposure.

7.5CVSS7.4AI score0.00647EPSS

CVE•added 2018/04/13 1:29 p.m.•49 views

CVE-2017-6148

Responses to SOCKS proxy requests made through F5 BIG-IP version 13.0.0, 12.0.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5 may cause a disruption of services provided by TMM. The data plane is impacted and exposed only when a SOCKS proxy profile is attached to a Virtual Server. The control plane is ...

7.5CVSS7.5AI score0.00647EPSS

CVE•added 2018/06/01 2:29 p.m.•49 views

CVE-2018-5525

A local file vulnerability exists in the F5 BIG-IP Configuration utility on versions 13.0.0, 12.1.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 that exposes files containing F5-provided data only and do not include any configuration data, proxied traffic, or other potentially sensitive custom...

4.3CVSS4.5AI score0.00162EPSS

CVE•added 2018/03/01 4:29 p.m.•48 views

CVE-2017-6150

Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - 12.1.3.1, using FastL4 profiles, when the Reassemble IP Fragments option is disabled (default), some specific large fragmented packets may restart the Traffic Management Microkernel (TMM).

7.8CVSS7.5AI score0.00588EPSS

CVE•added 2018/06/01 2:29 p.m.•47 views

CVE-2018-5523

On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 and Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on ...

7.2CVSS6.9AI score0.00417EPSS

CVE•added 2018/07/19 2:29 p.m.•47 views

CVE-2018-5534

Under certain conditions on F5 BIG-IP 13.1.0-13.1.0.5, 13.0.0, 12.1.0-12.1.3.1, 11.6.0-11.6.3.1, or 11.5.0-11.5.6, TMM may core while processing SSL forward proxy traffic.

7.5CVSS7.5AI score0.00749EPSS

CVE•added 2018/07/19 2:29 p.m.•45 views

CVE-2018-5533

Under certain conditions on F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.5.0-11.5.6, TMM may core while processing SSL forward proxy traffic.

7.5CVSS7.5AI score0.00749EPSS

CVE•added 2018/07/19 2:29 p.m.•44 views

CVE-2018-5532

On F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 a domain name cached within the DNS Cache of TMM may continue to be resolved by the cache even after the parent server revokes the record, if the DNS Cache is receiving a stream of requests for the cached name.

5.3CVSS5.2AI score0.00387EPSS

CVE•added 2018/01/19 2:29 p.m.•43 views

CVE-2017-6142

X509 certificate verification was not correctly implemented in the early access "user id" feature in the F5 BIG-IP Advanced Firewall Manager versions 13.0.0, 12.1.0-12.1.2, and 11.6.0-11.6.2, and thus did not properly validate the remote server's identity on certain versions of BIG-IP.

5.8CVSS5.2AI score0.00098EPSS

CVE•added 2018/06/01 2:29 p.m.•43 views

CVE-2018-5522

On F5 BIG-IP 13.0.0, 12.0.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, when processing DIAMETER transactions with carefully crafted attribute-value pairs, TMM may crash.

5.9CVSS5.7AI score0.00675EPSS

CVE•added 2018/03/01 4:29 p.m.•42 views

CVE-2018-5500

On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, every Multipath TCP (MCTCP) connection established leaks a small amount of memory. Virtual server using TCP profile with Multipath TCP (MCTCP) feature enabled will be affected by this issue.

5.9CVSS5.7AI score0.00675EPSS

CVE•added 2018/06/01 2:29 p.m.•42 views

CVE-2018-5513

On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, a malformed TLS handshake causes TMM to crash leading to a disruption of service. This issue is only exposed on the data plane when Proxy SSL configuration is enabled. The control plane is not impacted...

7.5CVSS7.3AI score0.00749EPSS

CVE•added 2018/03/01 4:29 p.m.•40 views

CVE-2018-5501

In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, any 11.6.x or 11.5.x release, or 11.2.1, TCP DNS profile allows excessive buffering due to lack of flow control.

5.9CVSS5.7AI score0.00891EPSS

CVE•added 2018/04/13 1:29 p.m.•39 views

CVE-2018-5506

In F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.1, 11.5.1-11.5.5, or 11.2.1 the Apache modules apache_auth_token_mod and mod_auth_f5_auth_token.cpp allow possible unauthenticated bruteforce on the em_server_ip authorization parameter to obtain which SSL client certificates used for mutual authentication b...

9.8CVSS9.6AI score0.00204EPSS

CVE•added 2018/04/13 1:29 p.m.•38 views

CVE-2018-5507

On F5 BIG-IP versions 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5, vCMP guests running on VIPRION 2100, 4200 and 4300 series blades cannot correctly decrypt ciphertext from established SSL sessions with small MTU.

7.5CVSS7.5AI score0.00537EPSS