cbcvebase.

F5 BIG-IP ASM vulnerabilities

471 known vulnerabilities affecting f5/big-ip_asm.

Total CVEs: 471
CISA KEV: 6 (actively exploited)
Public exploits: 9
Exploited in wild: 6
Severity breakdown: CRITICAL 27, HIGH 275, MEDIUM 162, LOW 7

Vulnerabilities

Page 22 of 24
CVE-2017-6143 | MEDIUM | CVSS 5.4 | 2018-04-13
[CWE-295] X509 certificate verification was not correctly implemented in the IP Intelligence Subscription and IP Intelligence feed-list features, and thus the remote server's identity is not properly valida
f5
CVE-2017-6156 | MEDIUM | CVSS 6.4 | 2018-04-13
When the F5 BIG-IP 12.1.0-12.1.1, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 system is configured with a wildcard IPSec tunnel endpoint, it may allow a remote attacker to disrupt or impersonate the tunnels that have completed phase 1 IPSec negotiations. The attacker must possess the necessary credentials to negotiate the phase 1 of the IPSec exchange to exploit this vulnerability; in many environment t
f5
CVE-2016-7472 | HIGH | CVSS 7.5 | 2018-04-03
[CWE-20] F5 BIG-IP ASM version 12.1.0 - 12.1.1 may allow remote attackers to cause a denial of service (DoS) via a crafted HTTP request.
Affected Products: BIG-IP ASM
Affected Versions: 12.1.0; 12.1.1
F5 Advisory Articles: K17119920
F5 References: https://support.f5.com/csp/article/K17119920
f5
CVE-2018-5509 | HIGH | CVSS 7.5 | 2018-03-22
[CWE-20] On F5 BIG-IP versions 13.0.0 or 12.1.0 - 12.1.3.1, when a specifically configured virtual server receives traffic of an undisclosed nature, TMM will crash and take the configured failover action, potentially causing a denial of service. The configuration which exposes this issue is not common and in general does not work when enabled in previous versions of BIG-IP. Starting in 12.1.0, BIG
f5
CVE-2018-5504 | HIGH | CVSS 8.1 | 2018-03-22
In some circumstances, the Traffic Management Microkernel (TMM) does not properly handle certain malformed Websockets requests/responses, which allows remote attackers to cause a denial-of-service (DoS) or
f5
CVE-2018-5502 | HIGH | CVSS 7.5 | 2018-03-22
[CWE-295] On F5 BIG-IP versions 13.0.0 - 13.1.0.3, attackers may be able to disrupt services on the BIG-IP system with maliciously crafted client certificate. This vulnerability affects virtual servers associated with Client SSL profile which enables the use of client certificate authentication. Client certificate authentication is not enabled by default in Client SSL profile. There is no control
f5
CVE-2018-5505 | MEDIUM | CVSS 5.9 | 2018-03-22
On F5 BIG-IP versions 13.1.0 - 13.1.0.3, when ASM and AVR are both provisioned, TMM may restart while processing DNS requests when the virtual server is configured with a DNS profile and the Protocol setting is set to TCP.
Affected Products: BIG-IP ASM, BIG-IP Analytics
Affected Versions: 13.1.0 - 13.1.0.4
F5 Advisory Articles: K23520761
F5 References: https://support.f5.com/csp/article/K2352
f5
CVE-2017-6154 | HIGH | CVSS 7.5 | 2018-03-01
[CWE-20] On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, the BIG-IP ASM bd daemon may core dump memory under some circumstances when processing undisclosed types of data on systems with 48 or more CPU cores.
Affected Products: BIG-IP ASM
Affected Versions: 11.6.1 - 11.6.2; 12.1.0 - 12.1.3.1; 13.0.0
F5 Advisory Articles: K38243073
F5 References: https://su
f5
CVE-2017-6150 | HIGH | CVSS 7.5 | 2018-03-01
[CWE-20] Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - 12.1.3.1, using FastL4 profiles, when the Reassemble IP Fragments option is disabled (default), some specific large fragmented packets may restart the Traffic Management Microkernel (TMM).
Affected Products: BIG-IP AAM, BIG-IP AFM, BIG-IP APM, BIG-IP ASM, BIG-IP Analytics,
f5
CVE-2018-5501 | MEDIUM | CVSS 5.9 | 2018-03-01
[CWE-400] In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, any 11.6.x or 11.5.x release, or 11.2.1, TCP DNS profile allows excessive buffering due to lack of flow control.
Affected Products: BIG-IP AAM, BIG-IP AFM, BIG-IP APM, BIG-IP ASM, BIG-IP Analytics, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP LTM, BIG-I
f5
CVE-2018-5500 | MEDIUM | CVSS 5.9 | 2018-03-01
[CWE-400] On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, every Multipath TCP (MCTCP) connection established leaks a small amount of memory. Virtual server using TCP profile with Multipath TCP (MCTCP) feature enabled will be affected by this issue.
Affected Products: BIG-IP AAM, BIG-IP AFM, BIG-IP APM, BIG-IP ASM, BIG-IP Analytics, BIG-IP Edge Gateway,
f5
CVE-2017-6138 | HIGH | CVSS 7.5 | 2017-12-21
[CWE-20] In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TM
f5
CVE-2017-6140 | HIGH | CVSS 7.5 | 2017-12-21
[CWE-20] On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, i10600, i10800, and VIPRION 4450 blades, running version 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 1
f5
CVE-2017-6133 | HIGH | CVSS 7.5 | 2017-12-21
[CWE-20] In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, undisclosed HTTP requests may cause a denial of service.
Affected Products: BIG-IP AAM, BIG-IP
f5
CVE-2017-6135 | HIGH | CVSS 7.5 | 2017-12-21
[CWE-772] In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, a slow memory leak as a result of undisclosed IPv4 or IPv6 packets sent to BIG-IP management port o
f5
CVE-2017-6151 | HIGH | CVSS 7.5 | 2017-12-21
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, undisclosed requests made to BIG-IP virtual servers which m
f5
CVE-2017-6164 | HIGH | CVSS 8.1 | 2017-12-21
[CWE-20] In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, 12.0.0 - 12.1.2, 11.6.0 - 11.6.1 and 11.5.0 - 11.5.4
f5
CVE-2017-6132 | HIGH | CVSS 7.5 | 2017-12-21
[CWE-20] In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 and 11.5.0 - 11.5.4, an undisclosed sequence of packets sent to B
f5
CVE-2017-6167 | HIGH | CVSS 7.5 | 2017-12-21
[CWE-362] In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being executed with different privilege
f5
CVE-2017-6136 | MEDIUM | CVSS 5.9 | 2017-12-21
[CWE-20] In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.0.0 - 12.1.2, undisclosed traffic patterns sent to BIG-IP virtual servers, with the TCP Fast
f5