Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities found for BIG-IP by F5 Networks, Inc.
CVE-2016-7475 (GCVE-0-2016-7475)
Vulnerability from nvd – Published: 2018-10-08 19:00 – Updated: 2024-09-17 01:15
VLAI?
Summary
Under some circumstances on BIG-IP 12.0.0-12.1.0, 11.6.0-11.6.1, or 11.4.0-11.5.4 HF1, the Traffic Management Microkernel (TMM) may not properly clean-up pool member network connections when using SPDY or HTTP/2 virtual server profiles.
Severity ?
No CVSS data available.
CWE
- DoS
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| F5 Networks, Inc. | BIG-IP |
Affected:
12.0.0-12.1.0, 11.6.0-11.6.1, 11.4.0-11.5.4 HF1
|
Date Public ?
2017-03-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K01587042"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIG-IP",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "12.0.0-12.1.0, 11.6.0-11.6.1, 11.4.0-11.5.4 HF1"
}
]
}
],
"datePublic": "2017-03-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Under some circumstances on BIG-IP 12.0.0-12.1.0, 11.6.0-11.6.1, or 11.4.0-11.5.4 HF1, the Traffic Management Microkernel (TMM) may not properly clean-up pool member network connections when using SPDY or HTTP/2 virtual server profiles."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DoS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-08T18:57:01.000Z",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K01587042"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2017-03-15T00:00:00",
"ID": "CVE-2016-7475",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_value": "12.0.0-12.1.0, 11.6.0-11.6.1, 11.4.0-11.5.4 HF1"
}
]
}
}
]
},
"vendor_name": "F5 Networks, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Under some circumstances on BIG-IP 12.0.0-12.1.0, 11.6.0-11.6.1, or 11.4.0-11.5.4 HF1, the Traffic Management Microkernel (TMM) may not properly clean-up pool member network connections when using SPDY or HTTP/2 virtual server profiles."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K01587042",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K01587042"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2016-7475",
"datePublished": "2018-10-08T19:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:15:55.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9250 (GCVE-0-2016-9250)
Vulnerability from nvd – Published: 2017-05-10 14:00 – Updated: 2024-08-06 02:42
VLAI?
Summary
In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism.
Severity ?
No CVSS data available.
CWE
- Arbitrary File Deletion via Undisclosed Mechanism
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| F5 Networks, Inc. | BIG-IP |
Affected:
11.2.1
Affected: 11.4.0-11.6.1 Affected: 12.0.0-12.1.2 |
Date Public ?
2017-05-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:42:11.205Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K55792317"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIG-IP",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "11.2.1"
},
{
"status": "affected",
"version": "11.4.0-11.6.1"
},
{
"status": "affected",
"version": "12.0.0-12.1.2"
}
]
}
],
"datePublic": "2017-05-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary File Deletion via Undisclosed Mechanism",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-10T12:57:01.000Z",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K55792317"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"ID": "CVE-2016-9250",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_value": "11.2.1"
},
{
"version_value": "11.4.0-11.6.1"
},
{
"version_value": "12.0.0-12.1.2"
}
]
}
}
]
},
"vendor_name": "F5 Networks, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary File Deletion via Undisclosed Mechanism"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K55792317",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K55792317"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2016-9250",
"datePublished": "2017-05-10T14:00:00.000Z",
"dateReserved": "2016-11-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:42:11.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9256 (GCVE-0-2016-9256)
Vulnerability from nvd – Published: 2017-05-09 15:00 – Updated: 2024-08-06 02:42
VLAI?
Summary
In F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl can lag behind the actual permissions assigned to a user if the role_map is not reloaded between the time the permissions are changed and the time of the user's next request. This is a race condition that occurs rarely in normal usage; the typical period in which this is possible is limited to at most a few seconds after the permission change.
Severity ?
No CVSS data available.
CWE
- iControl vulnerability CVE-2016-9256
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| F5 Networks, Inc. | BIG-IP |
Affected:
12.1.0-12.1.2
|
Date Public ?
2017-02-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:42:11.288Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K47284724"
},
{
"name": "96464",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96464"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIG-IP",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "12.1.0-12.1.2"
}
]
}
],
"datePublic": "2017-02-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl can lag behind the actual permissions assigned to a user if the role_map is not reloaded between the time the permissions are changed and the time of the user\u0027s next request. This is a race condition that occurs rarely in normal usage; the typical period in which this is possible is limited to at most a few seconds after the permission change."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "iControl vulnerability CVE-2016-9256",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-10T09:57:01.000Z",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K47284724"
},
{
"name": "96464",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96464"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"ID": "CVE-2016-9256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_value": "12.1.0-12.1.2"
}
]
}
}
]
},
"vendor_name": "F5 Networks, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl can lag behind the actual permissions assigned to a user if the role_map is not reloaded between the time the permissions are changed and the time of the user\u0027s next request. This is a race condition that occurs rarely in normal usage; the typical period in which this is possible is limited to at most a few seconds after the permission change."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "iControl vulnerability CVE-2016-9256"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K47284724",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K47284724"
},
{
"name": "96464",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96464"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2016-9256",
"datePublished": "2017-05-09T15:00:00.000Z",
"dateReserved": "2016-11-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:42:11.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9253 (GCVE-0-2016-9253)
Vulnerability from nvd – Published: 2017-05-09 15:00 – Updated: 2024-08-06 02:42
VLAI?
Summary
In F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic patterns may cause a disruption of service for virtual servers configured to use the websocket profile.
Severity ?
No CVSS data available.
CWE
- Websocket profile vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| F5 Networks, Inc. | BIG-IP |
Affected:
12.1.0-12.1.2
|
Date Public ?
2017-05-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:42:11.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K51351360"
},
{
"name": "1038415",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038415"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIG-IP",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "12.1.0-12.1.2"
}
]
}
],
"datePublic": "2017-05-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic patterns may cause a disruption of service for virtual servers configured to use the websocket profile."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Websocket profile vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T09:57:01.000Z",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K51351360"
},
{
"name": "1038415",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038415"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"ID": "CVE-2016-9253",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_value": "12.1.0-12.1.2"
}
]
}
}
]
},
"vendor_name": "F5 Networks, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic patterns may cause a disruption of service for virtual servers configured to use the websocket profile."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Websocket profile vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K51351360",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K51351360"
},
{
"name": "1038415",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038415"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2016-9253",
"datePublished": "2017-05-09T15:00:00.000Z",
"dateReserved": "2016-11-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:42:11.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9251 (GCVE-0-2016-9251)
Vulnerability from nvd – Published: 2017-05-09 15:00 – Updated: 2024-08-06 02:42
VLAI?
Summary
In F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker may be able to cause an escalation of privileges through a crafted iControl REST connection.
Severity ?
No CVSS data available.
CWE
- Undisclosed privilege escalation in iControl Rest
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| F5 Networks, Inc. | BIG-IP |
Affected:
12.0.0 - 12.1.2
|
Date Public ?
2017-05-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:42:11.273Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K41107914"
},
{
"name": "1038414",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038414"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIG-IP",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "12.0.0 - 12.1.2"
}
]
}
],
"datePublic": "2017-05-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker may be able to cause an escalation of privileges through a crafted iControl REST connection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Undisclosed privilege escalation in iControl Rest",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T09:57:01.000Z",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K41107914"
},
{
"name": "1038414",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038414"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"ID": "CVE-2016-9251",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_value": "12.0.0 - 12.1.2"
}
]
}
}
]
},
"vendor_name": "F5 Networks, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker may be able to cause an escalation of privileges through a crafted iControl REST connection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Undisclosed privilege escalation in iControl Rest"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K41107914",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K41107914"
},
{
"name": "1038414",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038414"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2016-9251",
"datePublished": "2017-05-09T15:00:00.000Z",
"dateReserved": "2016-11-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:42:11.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7475 (GCVE-0-2016-7475)
Vulnerability from cvelistv5 – Published: 2018-10-08 19:00 – Updated: 2024-09-17 01:15
VLAI?
Summary
Under some circumstances on BIG-IP 12.0.0-12.1.0, 11.6.0-11.6.1, or 11.4.0-11.5.4 HF1, the Traffic Management Microkernel (TMM) may not properly clean-up pool member network connections when using SPDY or HTTP/2 virtual server profiles.
Severity ?
No CVSS data available.
CWE
- DoS
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| F5 Networks, Inc. | BIG-IP |
Affected:
12.0.0-12.1.0, 11.6.0-11.6.1, 11.4.0-11.5.4 HF1
|
Date Public ?
2017-03-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K01587042"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIG-IP",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "12.0.0-12.1.0, 11.6.0-11.6.1, 11.4.0-11.5.4 HF1"
}
]
}
],
"datePublic": "2017-03-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Under some circumstances on BIG-IP 12.0.0-12.1.0, 11.6.0-11.6.1, or 11.4.0-11.5.4 HF1, the Traffic Management Microkernel (TMM) may not properly clean-up pool member network connections when using SPDY or HTTP/2 virtual server profiles."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DoS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-08T18:57:01.000Z",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K01587042"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2017-03-15T00:00:00",
"ID": "CVE-2016-7475",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_value": "12.0.0-12.1.0, 11.6.0-11.6.1, 11.4.0-11.5.4 HF1"
}
]
}
}
]
},
"vendor_name": "F5 Networks, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Under some circumstances on BIG-IP 12.0.0-12.1.0, 11.6.0-11.6.1, or 11.4.0-11.5.4 HF1, the Traffic Management Microkernel (TMM) may not properly clean-up pool member network connections when using SPDY or HTTP/2 virtual server profiles."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K01587042",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K01587042"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2016-7475",
"datePublished": "2018-10-08T19:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:15:55.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9250 (GCVE-0-2016-9250)
Vulnerability from cvelistv5 – Published: 2017-05-10 14:00 – Updated: 2024-08-06 02:42
VLAI?
Summary
In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism.
Severity ?
No CVSS data available.
CWE
- Arbitrary File Deletion via Undisclosed Mechanism
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| F5 Networks, Inc. | BIG-IP |
Affected:
11.2.1
Affected: 11.4.0-11.6.1 Affected: 12.0.0-12.1.2 |
Date Public ?
2017-05-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:42:11.205Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K55792317"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIG-IP",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "11.2.1"
},
{
"status": "affected",
"version": "11.4.0-11.6.1"
},
{
"status": "affected",
"version": "12.0.0-12.1.2"
}
]
}
],
"datePublic": "2017-05-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary File Deletion via Undisclosed Mechanism",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-10T12:57:01.000Z",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K55792317"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"ID": "CVE-2016-9250",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_value": "11.2.1"
},
{
"version_value": "11.4.0-11.6.1"
},
{
"version_value": "12.0.0-12.1.2"
}
]
}
}
]
},
"vendor_name": "F5 Networks, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary File Deletion via Undisclosed Mechanism"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K55792317",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K55792317"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2016-9250",
"datePublished": "2017-05-10T14:00:00.000Z",
"dateReserved": "2016-11-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:42:11.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9253 (GCVE-0-2016-9253)
Vulnerability from cvelistv5 – Published: 2017-05-09 15:00 – Updated: 2024-08-06 02:42
VLAI?
Summary
In F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic patterns may cause a disruption of service for virtual servers configured to use the websocket profile.
Severity ?
No CVSS data available.
CWE
- Websocket profile vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| F5 Networks, Inc. | BIG-IP |
Affected:
12.1.0-12.1.2
|
Date Public ?
2017-05-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:42:11.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K51351360"
},
{
"name": "1038415",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038415"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIG-IP",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "12.1.0-12.1.2"
}
]
}
],
"datePublic": "2017-05-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic patterns may cause a disruption of service for virtual servers configured to use the websocket profile."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Websocket profile vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T09:57:01.000Z",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K51351360"
},
{
"name": "1038415",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038415"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"ID": "CVE-2016-9253",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_value": "12.1.0-12.1.2"
}
]
}
}
]
},
"vendor_name": "F5 Networks, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic patterns may cause a disruption of service for virtual servers configured to use the websocket profile."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Websocket profile vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K51351360",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K51351360"
},
{
"name": "1038415",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038415"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2016-9253",
"datePublished": "2017-05-09T15:00:00.000Z",
"dateReserved": "2016-11-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:42:11.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9251 (GCVE-0-2016-9251)
Vulnerability from cvelistv5 – Published: 2017-05-09 15:00 – Updated: 2024-08-06 02:42
VLAI?
Summary
In F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker may be able to cause an escalation of privileges through a crafted iControl REST connection.
Severity ?
No CVSS data available.
CWE
- Undisclosed privilege escalation in iControl Rest
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| F5 Networks, Inc. | BIG-IP |
Affected:
12.0.0 - 12.1.2
|
Date Public ?
2017-05-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:42:11.273Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K41107914"
},
{
"name": "1038414",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038414"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIG-IP",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "12.0.0 - 12.1.2"
}
]
}
],
"datePublic": "2017-05-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker may be able to cause an escalation of privileges through a crafted iControl REST connection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Undisclosed privilege escalation in iControl Rest",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T09:57:01.000Z",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K41107914"
},
{
"name": "1038414",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038414"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"ID": "CVE-2016-9251",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_value": "12.0.0 - 12.1.2"
}
]
}
}
]
},
"vendor_name": "F5 Networks, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker may be able to cause an escalation of privileges through a crafted iControl REST connection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Undisclosed privilege escalation in iControl Rest"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K41107914",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K41107914"
},
{
"name": "1038414",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038414"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2016-9251",
"datePublished": "2017-05-09T15:00:00.000Z",
"dateReserved": "2016-11-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:42:11.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9256 (GCVE-0-2016-9256)
Vulnerability from cvelistv5 – Published: 2017-05-09 15:00 – Updated: 2024-08-06 02:42
VLAI?
Summary
In F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl can lag behind the actual permissions assigned to a user if the role_map is not reloaded between the time the permissions are changed and the time of the user's next request. This is a race condition that occurs rarely in normal usage; the typical period in which this is possible is limited to at most a few seconds after the permission change.
Severity ?
No CVSS data available.
CWE
- iControl vulnerability CVE-2016-9256
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| F5 Networks, Inc. | BIG-IP |
Affected:
12.1.0-12.1.2
|
Date Public ?
2017-02-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:42:11.288Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K47284724"
},
{
"name": "96464",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96464"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIG-IP",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "12.1.0-12.1.2"
}
]
}
],
"datePublic": "2017-02-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl can lag behind the actual permissions assigned to a user if the role_map is not reloaded between the time the permissions are changed and the time of the user\u0027s next request. This is a race condition that occurs rarely in normal usage; the typical period in which this is possible is limited to at most a few seconds after the permission change."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "iControl vulnerability CVE-2016-9256",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-10T09:57:01.000Z",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K47284724"
},
{
"name": "96464",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96464"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"ID": "CVE-2016-9256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_value": "12.1.0-12.1.2"
}
]
}
}
]
},
"vendor_name": "F5 Networks, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl can lag behind the actual permissions assigned to a user if the role_map is not reloaded between the time the permissions are changed and the time of the user\u0027s next request. This is a race condition that occurs rarely in normal usage; the typical period in which this is possible is limited to at most a few seconds after the permission change."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "iControl vulnerability CVE-2016-9256"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K47284724",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K47284724"
},
{
"name": "96464",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96464"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2016-9256",
"datePublished": "2017-05-09T15:00:00.000Z",
"dateReserved": "2016-11-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:42:11.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}