    2 vulnerabilities found for BIG-IP (ASM) by F5

    CVE-2019-6637 (GCVE-0-2019-6637)

    Vulnerability from nvd – Published: 2019-07-03 18:20 – Updated: 2024-08-04 20:23
    Summary
    On BIG-IP (ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, application logic abuse of ASM REST endpoints can lead to instability of the BIG-IP system. Exploitation of this issue causes excessive memory consumption, which results in the Linux kernel triggering the OOM killer on arbitrary processes. The attack requires an authenticated user with a role of "Guest" or greater privilege. Note: "No Access" is technically a role, but a user with this role cannot log in and therefore cannot perform the attack.
    Severity
    No CVSS data available.
    CWE
    • DoS
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K29149494 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/109091 vdb-entry, x_refsource_BID
    Impacted products
    Vendor Product Version
    F5 BIG-IP (ASM) Affected: BIG-IP (ASM) 14.1.0-14.1.0.5
    Affected: 14.0.0-14.0.0.4
    Affected: 13.0.0-13.1.1.4
    Affected: 12.1.0-12.1.4

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:23:22.107Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K29149494"
              },
              {
                "name": "109091",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/109091"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP (ASM)",
              "vendor": "F5",
              "versions": [
                {
                  "status": "affected",
                  "version": "BIG-IP (ASM) 14.1.0-14.1.0.5"
                },
                {
                  "status": "affected",
                  "version": "14.0.0-14.0.0.4"
                },
                {
                  "status": "affected",
                  "version": "13.0.0-13.1.1.4"
                },
                {
                  "status": "affected",
                  "version": "12.1.0-12.1.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "On BIG-IP (ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, Application logic abuse of ASM REST endpoints can lead to instability of BIG-IP system. Exploitation of this issue causes excessive memory consumption which results in the Linux kernel triggering OOM killer on arbitrary processes. The attack requires an authenticated user with role of \"Guest\" or greater privilege. Note: \"No Access\" cannot login so technically it\u0027s a role but a user with this access role cannot perform the attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "DoS",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-10T16:06:15.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K29149494"
            },
            {
              "name": "109091",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/109091"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "ID": "CVE-2019-6637",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP (ASM)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "BIG-IP (ASM) 14.1.0-14.1.0.5"
                              },
                              {
                                "version_value": "14.0.0-14.0.0.4"
                              },
                              {
                                "version_value": "13.0.0-13.1.1.4"
                              },
                              {
                                "version_value": "12.1.0-12.1.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "On BIG-IP (ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, Application logic abuse of ASM REST endpoints can lead to instability of BIG-IP system. Exploitation of this issue causes excessive memory consumption which results in the Linux kernel triggering OOM killer on arbitrary processes. The attack requires an authenticated user with role of \"Guest\" or greater privilege. Note: \"No Access\" cannot login so technically it\u0027s a role but a user with this access role cannot perform the attack."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "DoS"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K29149494",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K29149494"
                },
                {
                  "name": "109091",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/109091"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2019-6637",
        "datePublished": "2019-07-03T18:20:18.000Z",
        "dateReserved": "2019-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:23:22.107Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-6637 (GCVE-0-2019-6637)

    Vulnerability from cvelistv5 – Published: 2019-07-03 18:20 – Updated: 2024-08-04 20:23
    Summary
    On BIG-IP (ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, application logic abuse of ASM REST endpoints can lead to instability of the BIG-IP system. Exploitation of this issue causes excessive memory consumption, which results in the Linux kernel triggering the OOM killer on arbitrary processes. The attack requires an authenticated user with a role of "Guest" or greater privilege. Note: "No Access" is technically a role, but a user with this role cannot log in and therefore cannot perform the attack.
    Severity
    No CVSS data available.
    CWE
    • DoS
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K29149494 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/109091 vdb-entry, x_refsource_BID
    Impacted products
    Vendor Product Version
    F5 BIG-IP (ASM) Affected: BIG-IP (ASM) 14.1.0-14.1.0.5
    Affected: 14.0.0-14.0.0.4
    Affected: 13.0.0-13.1.1.4
    Affected: 12.1.0-12.1.4

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:23:22.107Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K29149494"
              },
              {
                "name": "109091",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/109091"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP (ASM)",
              "vendor": "F5",
              "versions": [
                {
                  "status": "affected",
                  "version": "BIG-IP (ASM) 14.1.0-14.1.0.5"
                },
                {
                  "status": "affected",
                  "version": "14.0.0-14.0.0.4"
                },
                {
                  "status": "affected",
                  "version": "13.0.0-13.1.1.4"
                },
                {
                  "status": "affected",
                  "version": "12.1.0-12.1.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "On BIG-IP (ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, Application logic abuse of ASM REST endpoints can lead to instability of BIG-IP system. Exploitation of this issue causes excessive memory consumption which results in the Linux kernel triggering OOM killer on arbitrary processes. The attack requires an authenticated user with role of \"Guest\" or greater privilege. Note: \"No Access\" cannot login so technically it\u0027s a role but a user with this access role cannot perform the attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "DoS",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-10T16:06:15.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K29149494"
            },
            {
              "name": "109091",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/109091"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "ID": "CVE-2019-6637",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP (ASM)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "BIG-IP (ASM) 14.1.0-14.1.0.5"
                              },
                              {
                                "version_value": "14.0.0-14.0.0.4"
                              },
                              {
                                "version_value": "13.0.0-13.1.1.4"
                              },
                              {
                                "version_value": "12.1.0-12.1.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "On BIG-IP (ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, Application logic abuse of ASM REST endpoints can lead to instability of BIG-IP system. Exploitation of this issue causes excessive memory consumption which results in the Linux kernel triggering OOM killer on arbitrary processes. The attack requires an authenticated user with role of \"Guest\" or greater privilege. Note: \"No Access\" cannot login so technically it\u0027s a role but a user with this access role cannot perform the attack."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "DoS"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K29149494",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K29149494"
                },
                {
                  "name": "109091",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/109091"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2019-6637",
        "datePublished": "2019-07-03T18:20:18.000Z",
        "dateReserved": "2019-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:23:22.107Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }