Search

Find a vulnerability

Search criteria

    10 vulnerabilities found for BIG-IP by F5 Networks, Inc.

    CVE-2016-7475 (GCVE-0-2016-7475)

    Vulnerability from nvd – Published: 2018-10-08 19:00 – Updated: 2024-09-17 01:15
    VLAI
    Summary
    Under some circumstances on BIG-IP 12.0.0-12.1.0, 11.6.0-11.6.1, or 11.4.0-11.5.4 HF1, the Traffic Management Microkernel (TMM) may not properly clean-up pool member network connections when using SPDY or HTTP/2 virtual server profiles.
    Severity
    No CVSS data available.
    CWE
    • DoS
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K01587042 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    F5 Networks, Inc. BIG-IP Affected: 12.0.0-12.1.0, 11.6.0-11.6.1, 11.4.0-11.5.4 HF1
    Create a notification for this product.
    Date Public
    2017-03-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:57:47.670Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K01587042"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.0.0-12.1.0, 11.6.0-11.6.1, 11.4.0-11.5.4 HF1"
                }
              ]
            }
          ],
          "datePublic": "2017-03-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Under some circumstances on BIG-IP 12.0.0-12.1.0, 11.6.0-11.6.1, or 11.4.0-11.5.4 HF1, the Traffic Management Microkernel (TMM) may not properly clean-up pool member network connections when using SPDY or HTTP/2 virtual server profiles."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "DoS",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-08T18:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K01587042"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2017-03-15T00:00:00",
              "ID": "CVE-2016-7475",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "12.0.0-12.1.0, 11.6.0-11.6.1, 11.4.0-11.5.4 HF1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Under some circumstances on BIG-IP 12.0.0-12.1.0, 11.6.0-11.6.1, or 11.4.0-11.5.4 HF1, the Traffic Management Microkernel (TMM) may not properly clean-up pool member network connections when using SPDY or HTTP/2 virtual server profiles."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "DoS"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K01587042",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K01587042"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2016-7475",
        "datePublished": "2018-10-08T19:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:15:55.297Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-9250 (GCVE-0-2016-9250)

    Vulnerability from nvd – Published: 2017-05-10 14:00 – Updated: 2024-08-06 02:42
    VLAI
    Summary
    In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism.
    Severity
    No CVSS data available.
    CWE
    • Arbitrary File Deletion via Undisclosed Mechanism
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K55792317 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    F5 Networks, Inc. BIG-IP Affected: 11.2.1
    Affected: 11.4.0-11.6.1
    Affected: 12.0.0-12.1.2
    Create a notification for this product.
    Date Public
    2017-05-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:42:11.205Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K55792317"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.2.1"
                },
                {
                  "status": "affected",
                  "version": "11.4.0-11.6.1"
                },
                {
                  "status": "affected",
                  "version": "12.0.0-12.1.2"
                }
              ]
            }
          ],
          "datePublic": "2017-05-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Arbitrary File Deletion via Undisclosed Mechanism",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-05-10T12:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K55792317"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "ID": "CVE-2016-9250",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "11.2.1"
                              },
                              {
                                "version_value": "11.4.0-11.6.1"
                              },
                              {
                                "version_value": "12.0.0-12.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Arbitrary File Deletion via Undisclosed Mechanism"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K55792317",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K55792317"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2016-9250",
        "datePublished": "2017-05-10T14:00:00.000Z",
        "dateReserved": "2016-11-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:42:11.205Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-9256 (GCVE-0-2016-9256)

    Vulnerability from nvd – Published: 2017-05-09 15:00 – Updated: 2024-08-06 02:42
    VLAI
    Summary
    In F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl can lag behind the actual permissions assigned to a user if the role_map is not reloaded between the time the permissions are changed and the time of the user's next request. This is a race condition that occurs rarely in normal usage; the typical period in which this is possible is limited to at most a few seconds after the permission change.
    Severity
    No CVSS data available.
    CWE
    • iControl vulnerability CVE-2016-9256
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K47284724 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/96464 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    F5 Networks, Inc. BIG-IP Affected: 12.1.0-12.1.2
    Create a notification for this product.
    Date Public
    2017-02-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:42:11.288Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K47284724"
              },
              {
                "name": "96464",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/96464"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.1.0-12.1.2"
                }
              ]
            }
          ],
          "datePublic": "2017-02-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl can lag behind the actual permissions assigned to a user if the role_map is not reloaded between the time the permissions are changed and the time of the user\u0027s next request. This is a race condition that occurs rarely in normal usage; the typical period in which this is possible is limited to at most a few seconds after the permission change."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "iControl vulnerability CVE-2016-9256",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-05-10T09:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K47284724"
            },
            {
              "name": "96464",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/96464"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "ID": "CVE-2016-9256",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "12.1.0-12.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl can lag behind the actual permissions assigned to a user if the role_map is not reloaded between the time the permissions are changed and the time of the user\u0027s next request. This is a race condition that occurs rarely in normal usage; the typical period in which this is possible is limited to at most a few seconds after the permission change."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "iControl vulnerability CVE-2016-9256"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K47284724",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K47284724"
                },
                {
                  "name": "96464",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/96464"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2016-9256",
        "datePublished": "2017-05-09T15:00:00.000Z",
        "dateReserved": "2016-11-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:42:11.288Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-9253 (GCVE-0-2016-9253)

    Vulnerability from nvd – Published: 2017-05-09 15:00 – Updated: 2024-08-06 02:42
    VLAI
    Summary
    In F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic patterns may cause a disruption of service for virtual servers configured to use the websocket profile.
    Severity
    No CVSS data available.
    CWE
    • Websocket profile vulnerability
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K51351360 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1038415 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    F5 Networks, Inc. BIG-IP Affected: 12.1.0-12.1.2
    Create a notification for this product.
    Date Public
    2017-05-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:42:11.215Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K51351360"
              },
              {
                "name": "1038415",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038415"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.1.0-12.1.2"
                }
              ]
            }
          ],
          "datePublic": "2017-05-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic patterns may cause a disruption of service for virtual servers configured to use the websocket profile."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Websocket profile vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-07T09:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K51351360"
            },
            {
              "name": "1038415",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038415"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "ID": "CVE-2016-9253",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "12.1.0-12.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic patterns may cause a disruption of service for virtual servers configured to use the websocket profile."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Websocket profile vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K51351360",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K51351360"
                },
                {
                  "name": "1038415",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038415"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2016-9253",
        "datePublished": "2017-05-09T15:00:00.000Z",
        "dateReserved": "2016-11-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:42:11.215Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-9251 (GCVE-0-2016-9251)

    Vulnerability from nvd – Published: 2017-05-09 15:00 – Updated: 2024-08-06 02:42
    VLAI
    Summary
    In F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker may be able to cause an escalation of privileges through a crafted iControl REST connection.
    Severity
    No CVSS data available.
    CWE
    • Undisclosed privilege escalation in iControl Rest
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K41107914 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1038414 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    F5 Networks, Inc. BIG-IP Affected: 12.0.0 - 12.1.2
    Create a notification for this product.
    Date Public
    2017-05-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:42:11.273Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K41107914"
              },
              {
                "name": "1038414",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038414"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.0.0 - 12.1.2"
                }
              ]
            }
          ],
          "datePublic": "2017-05-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker may be able to cause an escalation of privileges through a crafted iControl REST connection."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Undisclosed privilege escalation in iControl Rest",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-07T09:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K41107914"
            },
            {
              "name": "1038414",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038414"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "ID": "CVE-2016-9251",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "12.0.0 - 12.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker may be able to cause an escalation of privileges through a crafted iControl REST connection."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Undisclosed privilege escalation in iControl Rest"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K41107914",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K41107914"
                },
                {
                  "name": "1038414",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038414"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2016-9251",
        "datePublished": "2017-05-09T15:00:00.000Z",
        "dateReserved": "2016-11-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:42:11.273Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-7475 (GCVE-0-2016-7475)

    Vulnerability from cvelistv5 – Published: 2018-10-08 19:00 – Updated: 2024-09-17 01:15
    VLAI
    Summary
    Under some circumstances on BIG-IP 12.0.0-12.1.0, 11.6.0-11.6.1, or 11.4.0-11.5.4 HF1, the Traffic Management Microkernel (TMM) may not properly clean-up pool member network connections when using SPDY or HTTP/2 virtual server profiles.
    Severity
    No CVSS data available.
    CWE
    • DoS
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K01587042 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    F5 Networks, Inc. BIG-IP Affected: 12.0.0-12.1.0, 11.6.0-11.6.1, 11.4.0-11.5.4 HF1
    Create a notification for this product.
    Date Public
    2017-03-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:57:47.670Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K01587042"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.0.0-12.1.0, 11.6.0-11.6.1, 11.4.0-11.5.4 HF1"
                }
              ]
            }
          ],
          "datePublic": "2017-03-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Under some circumstances on BIG-IP 12.0.0-12.1.0, 11.6.0-11.6.1, or 11.4.0-11.5.4 HF1, the Traffic Management Microkernel (TMM) may not properly clean-up pool member network connections when using SPDY or HTTP/2 virtual server profiles."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "DoS",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-08T18:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K01587042"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2017-03-15T00:00:00",
              "ID": "CVE-2016-7475",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "12.0.0-12.1.0, 11.6.0-11.6.1, 11.4.0-11.5.4 HF1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Under some circumstances on BIG-IP 12.0.0-12.1.0, 11.6.0-11.6.1, or 11.4.0-11.5.4 HF1, the Traffic Management Microkernel (TMM) may not properly clean-up pool member network connections when using SPDY or HTTP/2 virtual server profiles."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "DoS"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K01587042",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K01587042"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2016-7475",
        "datePublished": "2018-10-08T19:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:15:55.297Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-9250 (GCVE-0-2016-9250)

    Vulnerability from cvelistv5 – Published: 2017-05-10 14:00 – Updated: 2024-08-06 02:42
    VLAI
    Summary
    In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism.
    Severity
    No CVSS data available.
    CWE
    • Arbitrary File Deletion via Undisclosed Mechanism
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K55792317 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    F5 Networks, Inc. BIG-IP Affected: 11.2.1
    Affected: 11.4.0-11.6.1
    Affected: 12.0.0-12.1.2
    Create a notification for this product.
    Date Public
    2017-05-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:42:11.205Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K55792317"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.2.1"
                },
                {
                  "status": "affected",
                  "version": "11.4.0-11.6.1"
                },
                {
                  "status": "affected",
                  "version": "12.0.0-12.1.2"
                }
              ]
            }
          ],
          "datePublic": "2017-05-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Arbitrary File Deletion via Undisclosed Mechanism",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-05-10T12:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K55792317"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "ID": "CVE-2016-9250",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "11.2.1"
                              },
                              {
                                "version_value": "11.4.0-11.6.1"
                              },
                              {
                                "version_value": "12.0.0-12.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Arbitrary File Deletion via Undisclosed Mechanism"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K55792317",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K55792317"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2016-9250",
        "datePublished": "2017-05-10T14:00:00.000Z",
        "dateReserved": "2016-11-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:42:11.205Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-9253 (GCVE-0-2016-9253)

    Vulnerability from cvelistv5 – Published: 2017-05-09 15:00 – Updated: 2024-08-06 02:42
    VLAI
    Summary
    In F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic patterns may cause a disruption of service for virtual servers configured to use the websocket profile.
    Severity
    No CVSS data available.
    CWE
    • Websocket profile vulnerability
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K51351360 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1038415 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    F5 Networks, Inc. BIG-IP Affected: 12.1.0-12.1.2
    Create a notification for this product.
    Date Public
    2017-05-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:42:11.215Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K51351360"
              },
              {
                "name": "1038415",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038415"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.1.0-12.1.2"
                }
              ]
            }
          ],
          "datePublic": "2017-05-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic patterns may cause a disruption of service for virtual servers configured to use the websocket profile."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Websocket profile vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-07T09:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K51351360"
            },
            {
              "name": "1038415",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038415"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "ID": "CVE-2016-9253",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "12.1.0-12.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic patterns may cause a disruption of service for virtual servers configured to use the websocket profile."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Websocket profile vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K51351360",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K51351360"
                },
                {
                  "name": "1038415",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038415"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2016-9253",
        "datePublished": "2017-05-09T15:00:00.000Z",
        "dateReserved": "2016-11-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:42:11.215Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-9256 (GCVE-0-2016-9256)

    Vulnerability from cvelistv5 – Published: 2017-05-09 15:00 – Updated: 2024-08-06 02:42
    VLAI
    Summary
    In F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl can lag behind the actual permissions assigned to a user if the role_map is not reloaded between the time the permissions are changed and the time of the user's next request. This is a race condition that occurs rarely in normal usage; the typical period in which this is possible is limited to at most a few seconds after the permission change.
    Severity
    No CVSS data available.
    CWE
    • iControl vulnerability CVE-2016-9256
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K47284724 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/96464 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    F5 Networks, Inc. BIG-IP Affected: 12.1.0-12.1.2
    Create a notification for this product.
    Date Public
    2017-02-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:42:11.288Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K47284724"
              },
              {
                "name": "96464",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/96464"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.1.0-12.1.2"
                }
              ]
            }
          ],
          "datePublic": "2017-02-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl can lag behind the actual permissions assigned to a user if the role_map is not reloaded between the time the permissions are changed and the time of the user\u0027s next request. This is a race condition that occurs rarely in normal usage; the typical period in which this is possible is limited to at most a few seconds after the permission change."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "iControl vulnerability CVE-2016-9256",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-05-10T09:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K47284724"
            },
            {
              "name": "96464",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/96464"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "ID": "CVE-2016-9256",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "12.1.0-12.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl can lag behind the actual permissions assigned to a user if the role_map is not reloaded between the time the permissions are changed and the time of the user\u0027s next request. This is a race condition that occurs rarely in normal usage; the typical period in which this is possible is limited to at most a few seconds after the permission change."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "iControl vulnerability CVE-2016-9256"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K47284724",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K47284724"
                },
                {
                  "name": "96464",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/96464"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2016-9256",
        "datePublished": "2017-05-09T15:00:00.000Z",
        "dateReserved": "2016-11-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:42:11.288Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-9251 (GCVE-0-2016-9251)

    Vulnerability from cvelistv5 – Published: 2017-05-09 15:00 – Updated: 2024-08-06 02:42
    VLAI
    Summary
    In F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker may be able to cause an escalation of privileges through a crafted iControl REST connection.
    Severity
    No CVSS data available.
    CWE
    • Undisclosed privilege escalation in iControl Rest
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K41107914 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1038414 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    F5 Networks, Inc. BIG-IP Affected: 12.0.0 - 12.1.2
    Create a notification for this product.
    Date Public
    2017-05-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:42:11.273Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K41107914"
              },
              {
                "name": "1038414",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038414"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.0.0 - 12.1.2"
                }
              ]
            }
          ],
          "datePublic": "2017-05-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker may be able to cause an escalation of privileges through a crafted iControl REST connection."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Undisclosed privilege escalation in iControl Rest",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-07T09:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K41107914"
            },
            {
              "name": "1038414",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038414"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "ID": "CVE-2016-9251",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "12.0.0 - 12.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker may be able to cause an escalation of privileges through a crafted iControl REST connection."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Undisclosed privilege escalation in iControl Rest"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K41107914",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K41107914"
                },
                {
                  "name": "1038414",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038414"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2016-9251",
        "datePublished": "2017-05-09T15:00:00.000Z",
        "dateReserved": "2016-11-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:42:11.273Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }