CVE-2020-5946
published 2020-11-05CVE-2020-5946: In BIG-IP Advanced WAF and FPS versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, under some circumstances, certain format client-side alerts sent…
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
In BIG-IP Advanced WAF and FPS versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, under some circumstances, certain format client-side alerts sent to the BIG-IP virtual server configured with DataSafe may cause the Traffic Management Microkernel (TMM) to restart, resulting in a Denial-of-Service (DoS).
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| f5 | big-ip_advanced_waf | — | — |
| f5 | big-ip_advanced_web_application_firewall | < 15.1.1 | 15.1.1 |
| f5 | big-ip_advanced_web_application_firewall | >= 14.1.0 < 14.1.2.8 | 14.1.2.8 |
| f5 | big-ip_advanced_web_application_firewall | >= 16.0.0 < 16.0.1 | 16.0.1 |
| f5 | big-ip_fps | — | — |
| f5 | big-ip_fraud_protection_service | >= 14.1.0 < 14.1.2.8 | 14.1.2.8 |
| f5 | big-ip_fraud_protection_service | >= 15.1.0 < 15.1.1 | 15.1.1 |
| f5 | big-ip_fraud_protection_service | >= 16.0.0 < 16.0.1 | 16.0.1 |