cbcvebase.

F5 BIG-IP ASM vulnerabilities

471 known vulnerabilities affecting f5/big-ip_asm.

Total CVEs: 471
CISA KEV: 6 (actively exploited)
Public exploits: 9
Exploited in wild: 6
Severity breakdown: CRITICAL 27, HIGH 275, MEDIUM 162, LOW 7

Vulnerabilities

Page 24 of 24
CVE-2017-6137 | MEDIUM | CVSS 5.9 | 2017-05-09
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, and WebSafe 11.6.1 HF1, 12.0.0 HF3, 12.0.0 HF4, and 12.1.0 through 12.1.2, undisclosed t
f5
CVE-2017-6128 | HIGH | CVSS 7.5 | 2017-05-01
An attacker may be able to cause a denial-of-service (DoS) attack against the sshd component in F5 BIG-IP, Enterprise Manager, BIG-IQ, and iWorkflow. Affected Products: BIG-IP AAM, BIG-IP AFM, BIG-IP APM,
f5
CVE-2016-9252 | HIGH | CVSS 7.5 | CWE-19 | 2017-03-27
The Traffic Management Microkernel (TMM) in F5 BIG-IP before 11.5.4 HF3, 11.6.x before 11.6.1 HF2 and 12.x before 12.1.2 does not properly handle minimum path MTU options for IPv6, which allows remote attackers to cause a denial-of-service (DoS) through unspecified vectors. Affected Products: BIG-IP AAM, BIG-IP
f5
CVE-2016-7474 | MEDIUM | CVSS 5.5 | CWE-200 | 2017-03-27
In some cases the MCPD binary cache in F5 BIG-IP devices may allow a user with Advanced Shell access, or privileges to generate a qkview, to temporarily obtain normally unrecoverable information.
f5
CVE-2016-7468 | MEDIUM | CVSS 5.9 | CWE-284 | 2017-03-23
An unauthenticated remote attacker may be able to disrupt services on F5 BIG-IP 11.4.1 - 11.5.4 devices with maliciously crafted network traffic. This vulnerability affects virtual servers associated with TCP profiles when the BIG-IP system's tm.tcpprogressive db variable
f5
CVE-2016-9245 | MEDIUM | CVSS 5.9 | CWE-284 | 2017-03-07
In F5 BIG-IP systems 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default "Normalize URI" configuration options used in iRules and/or BIG-IP LTM policies. An attacker may be able to disrupt traffic or cause the BIG
f5
CVE-2016-6249 | MEDIUM | CVSS 5.3 | CWE-200 | 2017-02-20
F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log. It may allow local users to obtain sensitive information by reading these files. Affected Products: BIG-IP AAM, BIG-IP AFM, BIG-IP APM, BIG-IP ASM, BIG-IP Analytics, BIG-IP DNS, BIG-IP GTM, BIG-IP LTM, BIG-IP Link Controll
f5
CVE-2016-9244 | HIGH | CVSS 7.5 | PoC | CWE-200 | 2017-02-09
A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit th
f5
CVE-2016-9249 | HIGH | CVSS 7.5 | CWE-20 | 2017-01-31
An undisclosed traffic pattern received by a BIG-IP Virtual Server with TCP Fast Open enabled may cause the Traffic Management Microkernel (TMM) to restart, resulting in a Denial-of-Service (DoS). A
f5
CVE-2016-9247 | MEDIUM | CVSS 5.9 | CWE-20 | 2017-01-10
Under certain conditions for BIG-IP systems using a virtual server with an associated FastL4 profile and TCP analytics profile, a specific sequence of packets may cause the Traffic Management Micro
f5
CVE-2016-5024 | MEDIUM | CVSS 5.9 | CWE-20 | 2017-01-03
Virtual servers in F5 BIG-IP systems 11.6.1 before 11.6.1 HF1 and 12.1.x before 12.1.2, when configured to parse RADIUS messages via an iRule, allow remote attackers to cause a denial of service (Traffic Management Microkernel restart) via crafted network traffic. Affected Products: BIG-IP AAM, BIG-IP AFM, BIG-IP APM, BIG-IP ASM, BIG-IP Analytics, BIG-IP D
f5