CVE-2018-5504: In some circumstances, the Traffic Management Microkernel (TMM) does not properly handle certain malformed Websockets requests/responses, which allows remote…

high8.1CVSS 3.0

AVNACHPRNUINSUCHIHAH

In some circumstances, the Traffic Management Microkernel (TMM) does not properly handle certain malformed Websockets requests/responses, which allows remote attackers to cause a denial-of-service (DoS) or possible remote code execution on the F5 BIG-IP system running versions 13.0.0 - 13.1.0.3 or 12.1.0 - 12.1.3.1.

Affected

38 ranges· showing 25

Vendor	Product	Version range	Fixed in
f5	big-ip_aam	—	—
f5	big-ip_access_policy_manager	>= 12.1.0 < 12.1.3.2	12.1.3.2
f5	big-ip_access_policy_manager	>= 13.0.0 < 13.1.0.4	13.1.0.4
f5	big-ip_advanced_firewall_manager	12.1.0 – 12.1.3.2	—
f5	big-ip_advanced_firewall_manager	>= 13.0.0 < 13.1.0.4	13.1.0.4
f5	big-ip_afm	—	—
f5	big-ip_analytics	—	—
f5	big-ip_analytics	>= 12.1.0 < 12.1.3.2	12.1.3.2
f5	big-ip_analytics	>= 13.0.0 < 13.1.0.4	13.1.0.4
f5	big-ip_apm	—	—
f5	big-ip_application_acceleration_manager	>= 12.1.0 < 12.1.3.2	12.1.3.2
f5	big-ip_application_acceleration_manager	>= 13.0.0 < 13.1.0.4	13.1.0.4
f5	big-ip_application_security_manager	>= 12.1.0 < 12.1.3.2	12.1.3.2
f5	big-ip_application_security_manager	>= 13.0.0 < 13.1.0.4	13.1.0.4
f5	big-ip_asm	—	—
f5	big-ip_dns	—	—
f5	big-ip_domain_name_system	>= 12.1.0 < 12.1.3.2	12.1.3.2
f5	big-ip_domain_name_system	13.0.0 – 13.1.0.4	—
f5	big-ip_edge_gateway	—	—
f5	big-ip_edge_gateway	>= 12.1.0 < 12.1.3.2	12.1.3.2
f5	big-ip_edge_gateway	>= 13.0.0 < 13.1.0.4	13.1.0.4
f5	big-ip_global_traffic_manager	>= 12.1.0 < 12.1.3.2	12.1.3.2
f5	big-ip_global_traffic_manager	>= 13.0.0 < 13.1.0.4	13.1.0.4
f5	big-ip_gtm	—	—
f5	big-ip_link_controller	—	—