CVE-2017-6169Improper Input Validation in Networks INC Big-ip PEM

CWE-20Improper Input Validation4 documents4 sources
Severity
6.8MEDIUMNVD
EPSS
0.7%
top 28.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
F5 Networks INC Big-ip PEMF5 Big-ip Policy Enforcement Manager
Timeline
PublishedFeb 6
Latest updateMay 14

Description

In versions 13.0.0, 12.0.0-12.1.3, or 11.6.0-11.6.2, an F5 BIG-IP virtual server using the URL categorization feature may cause the Traffic Management Microkernel (TMM) to produce a core file when it receives malformed URLs during categorization.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 2.2 | Impact: 4.0

Affected Packages2 packages

CVEListV5f5_networks_inc/big-ip_pem11.6.0-11.6.2, 12.0.0-12.1.3, 13.0.0+2

🔴Vulnerability Details

2
GHSA
GHSA-gfm6-wg4x-3jvg: In versions 132022-05-14
CVEList
CVE-2017-6169: In versions 132018-02-06

📋Vendor Advisories

1
F5
CVE-2017-6169: In versions 132018-02-06
CVE-2017-6169 — Improper Input Validation | cvebase