Search

Find a vulnerability

Search criteria

    16 vulnerabilities found for BIG-IP APM by F5 Networks, Inc.

    CVE-2018-5549 (GCVE-0-2018-5549)

    Vulnerability from nvd – Published: 2018-09-13 14:00 – Updated: 2024-09-16 19:31
    VLAI
    Summary
    On BIG-IP APM 11.6.0-11.6.3.1, 12.1.0-12.1.3.3, 13.0.0, and 13.1.0-13.1.0.3, APMD may core when processing SAML Assertion or response containing certain elements.
    Severity
    No CVSS data available.
    CWE
    • DoS
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K05018525 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/105345 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    F5 Networks, Inc. BIG-IP APM Affected: 11.6.0-11.6.3.1, 12.1.0-12.1.3.3, 13.0.0, 13.1.0-13.1.0.3
    Create a notification for this product.
    Date Public
    2018-09-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:40:50.821Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K05018525"
              },
              {
                "name": "105345",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105345"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP APM",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.6.0-11.6.3.1, 12.1.0-12.1.3.3, 13.0.0, 13.1.0-13.1.0.3"
                }
              ]
            }
          ],
          "datePublic": "2018-09-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "On BIG-IP APM 11.6.0-11.6.3.1, 12.1.0-12.1.3.3, 13.0.0, and 13.1.0-13.1.0.3, APMD may core when processing SAML Assertion or response containing certain elements."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "DoS",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-18T09:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K05018525"
            },
            {
              "name": "105345",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105345"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2018-09-12T00:00:00",
              "ID": "CVE-2018-5549",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP APM",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "11.6.0-11.6.3.1, 12.1.0-12.1.3.3, 13.0.0, 13.1.0-13.1.0.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "On BIG-IP APM 11.6.0-11.6.3.1, 12.1.0-12.1.3.3, 13.0.0, and 13.1.0-13.1.0.3, APMD may core when processing SAML Assertion or response containing certain elements."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "DoS"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K05018525",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K05018525"
                },
                {
                  "name": "105345",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105345"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2018-5549",
        "datePublished": "2018-09-13T14:00:00.000Z",
        "dateReserved": "2018-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:31:08.987Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-5548 (GCVE-0-2018-5548)

    Vulnerability from nvd – Published: 2018-09-13 14:00 – Updated: 2024-09-16 19:41
    VLAI
    Summary
    On BIG-IP APM 11.6.0-11.6.3, an insecure AES ECB mode is used for orig_uri parameter in an undisclosed /vdesk link of APM virtual server configured with an access profile, allowing a malicious user to build a redirect URI value using different blocks of cipher texts.
    Severity
    No CVSS data available.
    CWE
    • XSS
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 Networks, Inc. BIG-IP APM Affected: 11.6.0-11.6.3
    Create a notification for this product.
    Date Public
    2018-09-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:40:50.581Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K66171422"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://sbudella.altervista.org/blog/20180911-cve-2018-5548.html"
              },
              {
                "name": "105353",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105353"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP APM",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.6.0-11.6.3"
                }
              ]
            }
          ],
          "datePublic": "2018-09-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "On BIG-IP APM 11.6.0-11.6.3, an insecure AES ECB mode is used for orig_uri parameter in an undisclosed /vdesk link of APM virtual server configured with an access profile, allowing a malicious user to build a redirect URI value using different blocks of cipher texts."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "XSS",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-19T09:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K66171422"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://sbudella.altervista.org/blog/20180911-cve-2018-5548.html"
            },
            {
              "name": "105353",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105353"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2018-09-12T00:00:00",
              "ID": "CVE-2018-5548",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP APM",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "11.6.0-11.6.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "On BIG-IP APM 11.6.0-11.6.3, an insecure AES ECB mode is used for orig_uri parameter in an undisclosed /vdesk link of APM virtual server configured with an access profile, allowing a malicious user to build a redirect URI value using different blocks of cipher texts."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "XSS"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K66171422",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K66171422"
                },
                {
                  "name": "http://sbudella.altervista.org/blog/20180911-cve-2018-5548.html",
                  "refsource": "MISC",
                  "url": "http://sbudella.altervista.org/blog/20180911-cve-2018-5548.html"
                },
                {
                  "name": "105353",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105353"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2018-5548",
        "datePublished": "2018-09-13T14:00:00.000Z",
        "dateReserved": "2018-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:41:32.544Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-15310 (GCVE-0-2018-15310)

    Vulnerability from nvd – Published: 2018-09-13 14:00 – Updated: 2024-09-16 18:07
    VLAI
    Summary
    A vulnerability in BIG-IP APM portal access 11.5.1-11.5.7, 11.6.0-11.6.3, and 12.1.0-12.1.3 discloses the BIG-IP software version in rewritten pages.
    Severity
    No CVSS data available.
    CWE
    • Information disclosure
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K40625021 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    F5 Networks, Inc. BIG-IP APM Affected: 11.5.1-11.5.7, 11.6.0-11.6.3, 12.1.0-12.1.3
    Create a notification for this product.
    Date Public
    2018-09-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:46:25.671Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K40625021"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP APM",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.5.1-11.5.7, 11.6.0-11.6.3, 12.1.0-12.1.3"
                }
              ]
            }
          ],
          "datePublic": "2018-09-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in BIG-IP APM portal access 11.5.1-11.5.7, 11.6.0-11.6.3, and 12.1.0-12.1.3 discloses the BIG-IP software version in rewritten pages."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-13T13:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K40625021"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2018-09-12T00:00:00",
              "ID": "CVE-2018-15310",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP APM",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "11.5.1-11.5.7, 11.6.0-11.6.3, 12.1.0-12.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in BIG-IP APM portal access 11.5.1-11.5.7, 11.6.0-11.6.3, and 12.1.0-12.1.3 discloses the BIG-IP software version in rewritten pages."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K40625021",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K40625021"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2018-15310",
        "datePublished": "2018-09-13T14:00:00.000Z",
        "dateReserved": "2018-08-14T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:07:46.607Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6139 (GCVE-0-2017-6139)

    Vulnerability from nvd – Published: 2017-12-21 17:00 – Updated: 2024-09-16 18:23
    VLAI
    Summary
    In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers running debug mode logging with BIG-IP APM are at highest risk.
    Severity
    No CVSS data available.
    CWE
    • Information Leakage
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K45432295 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1040055 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/106186 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    F5 Networks, Inc. BIG-IP APM Affected: 13.0.0
    Affected: 12.1.2
    Create a notification for this product.
    Date Public
    2017-12-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:18:49.677Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K45432295"
              },
              {
                "name": "1040055",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040055"
              },
              {
                "name": "106186",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106186"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP APM",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "13.0.0"
                },
                {
                  "status": "affected",
                  "version": "12.1.2"
                }
              ]
            }
          ],
          "datePublic": "2017-12-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers running debug mode logging with BIG-IP APM are at highest risk."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Leakage",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-12T09:06:02.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K45432295"
            },
            {
              "name": "1040055",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040055"
            },
            {
              "name": "106186",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106186"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2017-12-20T00:00:00",
              "ID": "CVE-2017-6139",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP APM",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "13.0.0"
                              },
                              {
                                "version_value": "12.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers running debug mode logging with BIG-IP APM are at highest risk."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Leakage"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K45432295",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K45432295"
                },
                {
                  "name": "1040055",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040055"
                },
                {
                  "name": "106186",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106186"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2017-6139",
        "datePublished": "2017-12-21T17:00:00.000Z",
        "dateReserved": "2017-02-21T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:23:45.116Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6129 (GCVE-0-2017-6129)

    Vulnerability from nvd – Published: 2017-12-21 17:00 – Updated: 2024-09-16 19:34
    VLAI
    Summary
    In F5 BIG-IP APM software version 13.0.0 and 12.1.2, in some circumstances, APM tunneled VPN flows can cause a VPN/PPP connflow to be prematurely freed or cause TMM to stop responding with a "flow not in use" assertion. An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group.
    Severity
    No CVSS data available.
    CWE
    • Denial of Service
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K20087443 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1040047 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    F5 Networks, Inc. BIG-IP APM Affected: 13.0.0
    Affected: 12.1.2
    Create a notification for this product.
    Date Public
    2017-12-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:18:49.850Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K20087443"
              },
              {
                "name": "1040047",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040047"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP APM",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "13.0.0"
                },
                {
                  "status": "affected",
                  "version": "12.1.2"
                }
              ]
            }
          ],
          "datePublic": "2017-12-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In F5 BIG-IP APM software version 13.0.0 and 12.1.2, in some circumstances, APM tunneled VPN flows can cause a VPN/PPP connflow to be prematurely freed or cause TMM to stop responding with a \"flow not in use\" assertion. An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-23T10:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K20087443"
            },
            {
              "name": "1040047",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040047"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2017-12-20T00:00:00",
              "ID": "CVE-2017-6129",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP APM",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "13.0.0"
                              },
                              {
                                "version_value": "12.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In F5 BIG-IP APM software version 13.0.0 and 12.1.2, in some circumstances, APM tunneled VPN flows can cause a VPN/PPP connflow to be prematurely freed or cause TMM to stop responding with a \"flow not in use\" assertion. An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K20087443",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K20087443"
                },
                {
                  "name": "1040047",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040047"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2017-6129",
        "datePublished": "2017-12-21T17:00:00.000Z",
        "dateReserved": "2017-02-21T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:34:56.279Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-0301 (GCVE-0-2017-0301)

    Vulnerability from nvd – Published: 2017-12-21 17:00 – Updated: 2024-09-16 16:24
    VLAI
    Summary
    In F5 BIG-IP APM software versions 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 and 12.1.2 BIG-IP APM portal access requests do not return the intended resources in some cases. This may allow access to internal BIG-IP APM resources, however the application resources and backend servers are unaffected.
    Severity
    No CVSS data available.
    CWE
    • Predictable Resource Location
    Assigner
    f5
    References
    URL Tags
    http://www.securitytracker.com/id/1040040 vdb-entryx_refsource_SECTRACK
    https://support.f5.com/csp/article/K54358225 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    F5 Networks, Inc. BIG-IP APM Affected: 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4
    Affected: 11.6.0, 11.6.1
    Affected: 12.0.0, 12.1.0, 12.1.1, 12.1.2
    Create a notification for this product.
    Date Public
    2017-12-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:03:56.586Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1040040",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040040"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K54358225"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP APM",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4"
                },
                {
                  "status": "affected",
                  "version": "11.6.0, 11.6.1"
                },
                {
                  "status": "affected",
                  "version": "12.0.0, 12.1.0, 12.1.1, 12.1.2"
                }
              ]
            }
          ],
          "datePublic": "2017-12-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In F5 BIG-IP APM software versions 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 and 12.1.2 BIG-IP APM portal access requests do not return the intended resources in some cases. This may allow access to internal BIG-IP APM resources, however the application resources and backend servers are unaffected."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Predictable Resource Location",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-22T10:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "name": "1040040",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040040"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K54358225"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2017-12-20T00:00:00",
              "ID": "CVE-2017-0301",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP APM",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4"
                              },
                              {
                                "version_value": "11.6.0, 11.6.1"
                              },
                              {
                                "version_value": "12.0.0, 12.1.0, 12.1.1, 12.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In F5 BIG-IP APM software versions 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 and 12.1.2 BIG-IP APM portal access requests do not return the intended resources in some cases. This may allow access to internal BIG-IP APM resources, however the application resources and backend servers are unaffected."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Predictable Resource Location"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1040040",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040040"
                },
                {
                  "name": "https://support.f5.com/csp/article/K54358225",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K54358225"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2017-0301",
        "datePublished": "2017-12-21T17:00:00.000Z",
        "dateReserved": "2016-11-09T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:24:18.404Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-0302 (GCVE-0-2017-0302)

    Vulnerability from nvd – Published: 2017-05-09 15:00 – Updated: 2024-08-05 13:03
    VLAI
    Summary
    In F5 BIG-IP APM 12.0.0 through 12.1.2 and 13.0.0, an authenticated user with an established access session to the BIG-IP APM system may be able to cause a traffic disruption if the length of the requested URL is less than 16 characters.
    Severity
    No CVSS data available.
    CWE
    • BIG-IP APM may be disrupted if a URL less than 16 characters is requested.
    Assigner
    f5
    References
    URL Tags
    http://www.securitytracker.com/id/1038408 vdb-entryx_refsource_SECTRACK
    https://support.f5.com/csp/article/K87141725 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    F5 Networks, Inc. BIG-IP APM Affected: 13.0.0
    Affected: 12.0.0 - 12.1.2
    Create a notification for this product.
    Date Public
    2017-05-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:03:56.335Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1038408",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038408"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K87141725"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP APM",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "13.0.0"
                },
                {
                  "status": "affected",
                  "version": "12.0.0 - 12.1.2"
                }
              ]
            }
          ],
          "datePublic": "2017-05-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In F5 BIG-IP APM 12.0.0 through 12.1.2 and 13.0.0, an authenticated user with an established access session to the BIG-IP APM system may be able to cause a traffic disruption if the length of the requested URL is less than 16 characters."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "BIG-IP APM may be disrupted if a URL less than 16 characters is requested.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-07T09:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "name": "1038408",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038408"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K87141725"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "ID": "CVE-2017-0302",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP APM",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "13.0.0"
                              },
                              {
                                "version_value": "12.0.0 - 12.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In F5 BIG-IP APM 12.0.0 through 12.1.2 and 13.0.0, an authenticated user with an established access session to the BIG-IP APM system may be able to cause a traffic disruption if the length of the requested URL is less than 16 characters."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "BIG-IP APM may be disrupted if a URL less than 16 characters is requested."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1038408",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038408"
                },
                {
                  "name": "https://support.f5.com/csp/article/K87141725",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K87141725"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2017-0302",
        "datePublished": "2017-05-09T15:00:00.000Z",
        "dateReserved": "2016-11-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:03:56.335Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-9257 (GCVE-0-2016-9257)

    Vulnerability from nvd – Published: 2017-05-09 15:00 – Updated: 2024-08-06 02:42
    VLAI
    Summary
    In F5 BIG-IP APM 12.0.0 through 12.1.2, non-authenticated users may be able to inject JavaScript into a request that will then be rendered and executed in the context of the Administrative user when the Administrative user is viewing the Access System Logs, allowing the non-authenticated user to carry out a Cross Site Scripting (XSS) attack against the Administrative user.
    Severity
    No CVSS data available.
    CWE
    • Non-authenticated XSS attack against Administrative interface via public interface
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K43523962 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1038416 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    F5 Networks, Inc. BIG-IP APM Affected: 12.0.0 through 12.1.2
    Create a notification for this product.
    Date Public
    2017-05-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:42:11.282Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K43523962"
              },
              {
                "name": "1038416",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038416"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP APM",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.0.0 through 12.1.2"
                }
              ]
            }
          ],
          "datePublic": "2017-05-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In F5 BIG-IP APM 12.0.0 through 12.1.2, non-authenticated users may be able to inject JavaScript into a request that will then be rendered and executed in the context of the Administrative user when the Administrative user is viewing the Access System Logs, allowing the non-authenticated user to carry out a Cross Site Scripting (XSS) attack against the Administrative user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Non-authenticated XSS attack against Administrative interface via public interface",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-07T09:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K43523962"
            },
            {
              "name": "1038416",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038416"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "ID": "CVE-2016-9257",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP APM",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "12.0.0 through 12.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In F5 BIG-IP APM 12.0.0 through 12.1.2, non-authenticated users may be able to inject JavaScript into a request that will then be rendered and executed in the context of the Administrative user when the Administrative user is viewing the Access System Logs, allowing the non-authenticated user to carry out a Cross Site Scripting (XSS) attack against the Administrative user."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Non-authenticated XSS attack against Administrative interface via public interface"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K43523962",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K43523962"
                },
                {
                  "name": "1038416",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038416"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2016-9257",
        "datePublished": "2017-05-09T15:00:00.000Z",
        "dateReserved": "2016-11-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:42:11.282Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-15310 (GCVE-0-2018-15310)

    Vulnerability from cvelistv5 – Published: 2018-09-13 14:00 – Updated: 2024-09-16 18:07
    VLAI
    Summary
    A vulnerability in BIG-IP APM portal access 11.5.1-11.5.7, 11.6.0-11.6.3, and 12.1.0-12.1.3 discloses the BIG-IP software version in rewritten pages.
    Severity
    No CVSS data available.
    CWE
    • Information disclosure
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K40625021 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    F5 Networks, Inc. BIG-IP APM Affected: 11.5.1-11.5.7, 11.6.0-11.6.3, 12.1.0-12.1.3
    Create a notification for this product.
    Date Public
    2018-09-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:46:25.671Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K40625021"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP APM",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.5.1-11.5.7, 11.6.0-11.6.3, 12.1.0-12.1.3"
                }
              ]
            }
          ],
          "datePublic": "2018-09-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in BIG-IP APM portal access 11.5.1-11.5.7, 11.6.0-11.6.3, and 12.1.0-12.1.3 discloses the BIG-IP software version in rewritten pages."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-13T13:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K40625021"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2018-09-12T00:00:00",
              "ID": "CVE-2018-15310",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP APM",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "11.5.1-11.5.7, 11.6.0-11.6.3, 12.1.0-12.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in BIG-IP APM portal access 11.5.1-11.5.7, 11.6.0-11.6.3, and 12.1.0-12.1.3 discloses the BIG-IP software version in rewritten pages."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K40625021",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K40625021"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2018-15310",
        "datePublished": "2018-09-13T14:00:00.000Z",
        "dateReserved": "2018-08-14T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:07:46.607Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-5548 (GCVE-0-2018-5548)

    Vulnerability from cvelistv5 – Published: 2018-09-13 14:00 – Updated: 2024-09-16 19:41
    VLAI
    Summary
    On BIG-IP APM 11.6.0-11.6.3, an insecure AES ECB mode is used for orig_uri parameter in an undisclosed /vdesk link of APM virtual server configured with an access profile, allowing a malicious user to build a redirect URI value using different blocks of cipher texts.
    Severity
    No CVSS data available.
    CWE
    • XSS
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 Networks, Inc. BIG-IP APM Affected: 11.6.0-11.6.3
    Create a notification for this product.
    Date Public
    2018-09-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:40:50.581Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K66171422"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://sbudella.altervista.org/blog/20180911-cve-2018-5548.html"
              },
              {
                "name": "105353",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105353"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP APM",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.6.0-11.6.3"
                }
              ]
            }
          ],
          "datePublic": "2018-09-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "On BIG-IP APM 11.6.0-11.6.3, an insecure AES ECB mode is used for orig_uri parameter in an undisclosed /vdesk link of APM virtual server configured with an access profile, allowing a malicious user to build a redirect URI value using different blocks of cipher texts."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "XSS",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-19T09:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K66171422"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://sbudella.altervista.org/blog/20180911-cve-2018-5548.html"
            },
            {
              "name": "105353",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105353"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2018-09-12T00:00:00",
              "ID": "CVE-2018-5548",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP APM",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "11.6.0-11.6.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "On BIG-IP APM 11.6.0-11.6.3, an insecure AES ECB mode is used for orig_uri parameter in an undisclosed /vdesk link of APM virtual server configured with an access profile, allowing a malicious user to build a redirect URI value using different blocks of cipher texts."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "XSS"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K66171422",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K66171422"
                },
                {
                  "name": "http://sbudella.altervista.org/blog/20180911-cve-2018-5548.html",
                  "refsource": "MISC",
                  "url": "http://sbudella.altervista.org/blog/20180911-cve-2018-5548.html"
                },
                {
                  "name": "105353",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105353"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2018-5548",
        "datePublished": "2018-09-13T14:00:00.000Z",
        "dateReserved": "2018-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:41:32.544Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-5549 (GCVE-0-2018-5549)

    Vulnerability from cvelistv5 – Published: 2018-09-13 14:00 – Updated: 2024-09-16 19:31
    VLAI
    Summary
    On BIG-IP APM 11.6.0-11.6.3.1, 12.1.0-12.1.3.3, 13.0.0, and 13.1.0-13.1.0.3, APMD may core when processing SAML Assertion or response containing certain elements.
    Severity
    No CVSS data available.
    CWE
    • DoS
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K05018525 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/105345 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    F5 Networks, Inc. BIG-IP APM Affected: 11.6.0-11.6.3.1, 12.1.0-12.1.3.3, 13.0.0, 13.1.0-13.1.0.3
    Create a notification for this product.
    Date Public
    2018-09-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:40:50.821Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K05018525"
              },
              {
                "name": "105345",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105345"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP APM",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.6.0-11.6.3.1, 12.1.0-12.1.3.3, 13.0.0, 13.1.0-13.1.0.3"
                }
              ]
            }
          ],
          "datePublic": "2018-09-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "On BIG-IP APM 11.6.0-11.6.3.1, 12.1.0-12.1.3.3, 13.0.0, and 13.1.0-13.1.0.3, APMD may core when processing SAML Assertion or response containing certain elements."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "DoS",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-18T09:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K05018525"
            },
            {
              "name": "105345",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105345"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2018-09-12T00:00:00",
              "ID": "CVE-2018-5549",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP APM",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "11.6.0-11.6.3.1, 12.1.0-12.1.3.3, 13.0.0, 13.1.0-13.1.0.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "On BIG-IP APM 11.6.0-11.6.3.1, 12.1.0-12.1.3.3, 13.0.0, and 13.1.0-13.1.0.3, APMD may core when processing SAML Assertion or response containing certain elements."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "DoS"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K05018525",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K05018525"
                },
                {
                  "name": "105345",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105345"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2018-5549",
        "datePublished": "2018-09-13T14:00:00.000Z",
        "dateReserved": "2018-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:31:08.987Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6139 (GCVE-0-2017-6139)

    Vulnerability from cvelistv5 – Published: 2017-12-21 17:00 – Updated: 2024-09-16 18:23
    VLAI
    Summary
    In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers running debug mode logging with BIG-IP APM are at highest risk.
    Severity
    No CVSS data available.
    CWE
    • Information Leakage
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K45432295 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1040055 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/106186 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    F5 Networks, Inc. BIG-IP APM Affected: 13.0.0
    Affected: 12.1.2
    Create a notification for this product.
    Date Public
    2017-12-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:18:49.677Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K45432295"
              },
              {
                "name": "1040055",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040055"
              },
              {
                "name": "106186",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106186"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP APM",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "13.0.0"
                },
                {
                  "status": "affected",
                  "version": "12.1.2"
                }
              ]
            }
          ],
          "datePublic": "2017-12-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers running debug mode logging with BIG-IP APM are at highest risk."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Leakage",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-12T09:06:02.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K45432295"
            },
            {
              "name": "1040055",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040055"
            },
            {
              "name": "106186",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106186"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2017-12-20T00:00:00",
              "ID": "CVE-2017-6139",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP APM",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "13.0.0"
                              },
                              {
                                "version_value": "12.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers running debug mode logging with BIG-IP APM are at highest risk."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Leakage"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K45432295",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K45432295"
                },
                {
                  "name": "1040055",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040055"
                },
                {
                  "name": "106186",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106186"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2017-6139",
        "datePublished": "2017-12-21T17:00:00.000Z",
        "dateReserved": "2017-02-21T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:23:45.116Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-0301 (GCVE-0-2017-0301)

    Vulnerability from cvelistv5 – Published: 2017-12-21 17:00 – Updated: 2024-09-16 16:24
    VLAI
    Summary
    In F5 BIG-IP APM software versions 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 and 12.1.2 BIG-IP APM portal access requests do not return the intended resources in some cases. This may allow access to internal BIG-IP APM resources, however the application resources and backend servers are unaffected.
    Severity
    No CVSS data available.
    CWE
    • Predictable Resource Location
    Assigner
    f5
    References
    URL Tags
    http://www.securitytracker.com/id/1040040 vdb-entryx_refsource_SECTRACK
    https://support.f5.com/csp/article/K54358225 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    F5 Networks, Inc. BIG-IP APM Affected: 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4
    Affected: 11.6.0, 11.6.1
    Affected: 12.0.0, 12.1.0, 12.1.1, 12.1.2
    Create a notification for this product.
    Date Public
    2017-12-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:03:56.586Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1040040",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040040"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K54358225"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP APM",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4"
                },
                {
                  "status": "affected",
                  "version": "11.6.0, 11.6.1"
                },
                {
                  "status": "affected",
                  "version": "12.0.0, 12.1.0, 12.1.1, 12.1.2"
                }
              ]
            }
          ],
          "datePublic": "2017-12-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In F5 BIG-IP APM software versions 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 and 12.1.2 BIG-IP APM portal access requests do not return the intended resources in some cases. This may allow access to internal BIG-IP APM resources, however the application resources and backend servers are unaffected."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Predictable Resource Location",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-22T10:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "name": "1040040",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040040"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K54358225"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2017-12-20T00:00:00",
              "ID": "CVE-2017-0301",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP APM",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4"
                              },
                              {
                                "version_value": "11.6.0, 11.6.1"
                              },
                              {
                                "version_value": "12.0.0, 12.1.0, 12.1.1, 12.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In F5 BIG-IP APM software versions 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 and 12.1.2 BIG-IP APM portal access requests do not return the intended resources in some cases. This may allow access to internal BIG-IP APM resources, however the application resources and backend servers are unaffected."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Predictable Resource Location"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1040040",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040040"
                },
                {
                  "name": "https://support.f5.com/csp/article/K54358225",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K54358225"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2017-0301",
        "datePublished": "2017-12-21T17:00:00.000Z",
        "dateReserved": "2016-11-09T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:24:18.404Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6129 (GCVE-0-2017-6129)

    Vulnerability from cvelistv5 – Published: 2017-12-21 17:00 – Updated: 2024-09-16 19:34
    VLAI
    Summary
    In F5 BIG-IP APM software version 13.0.0 and 12.1.2, in some circumstances, APM tunneled VPN flows can cause a VPN/PPP connflow to be prematurely freed or cause TMM to stop responding with a "flow not in use" assertion. An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group.
    Severity
    No CVSS data available.
    CWE
    • Denial of Service
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K20087443 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1040047 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    F5 Networks, Inc. BIG-IP APM Affected: 13.0.0
    Affected: 12.1.2
    Create a notification for this product.
    Date Public
    2017-12-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:18:49.850Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K20087443"
              },
              {
                "name": "1040047",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040047"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP APM",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "13.0.0"
                },
                {
                  "status": "affected",
                  "version": "12.1.2"
                }
              ]
            }
          ],
          "datePublic": "2017-12-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In F5 BIG-IP APM software version 13.0.0 and 12.1.2, in some circumstances, APM tunneled VPN flows can cause a VPN/PPP connflow to be prematurely freed or cause TMM to stop responding with a \"flow not in use\" assertion. An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-23T10:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K20087443"
            },
            {
              "name": "1040047",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040047"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2017-12-20T00:00:00",
              "ID": "CVE-2017-6129",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP APM",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "13.0.0"
                              },
                              {
                                "version_value": "12.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In F5 BIG-IP APM software version 13.0.0 and 12.1.2, in some circumstances, APM tunneled VPN flows can cause a VPN/PPP connflow to be prematurely freed or cause TMM to stop responding with a \"flow not in use\" assertion. An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K20087443",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K20087443"
                },
                {
                  "name": "1040047",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040047"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2017-6129",
        "datePublished": "2017-12-21T17:00:00.000Z",
        "dateReserved": "2017-02-21T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:34:56.279Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-9257 (GCVE-0-2016-9257)

    Vulnerability from cvelistv5 – Published: 2017-05-09 15:00 – Updated: 2024-08-06 02:42
    VLAI
    Summary
    In F5 BIG-IP APM 12.0.0 through 12.1.2, non-authenticated users may be able to inject JavaScript into a request that will then be rendered and executed in the context of the Administrative user when the Administrative user is viewing the Access System Logs, allowing the non-authenticated user to carry out a Cross Site Scripting (XSS) attack against the Administrative user.
    Severity
    No CVSS data available.
    CWE
    • Non-authenticated XSS attack against Administrative interface via public interface
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K43523962 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1038416 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    F5 Networks, Inc. BIG-IP APM Affected: 12.0.0 through 12.1.2
    Create a notification for this product.
    Date Public
    2017-05-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:42:11.282Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K43523962"
              },
              {
                "name": "1038416",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038416"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP APM",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.0.0 through 12.1.2"
                }
              ]
            }
          ],
          "datePublic": "2017-05-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In F5 BIG-IP APM 12.0.0 through 12.1.2, non-authenticated users may be able to inject JavaScript into a request that will then be rendered and executed in the context of the Administrative user when the Administrative user is viewing the Access System Logs, allowing the non-authenticated user to carry out a Cross Site Scripting (XSS) attack against the Administrative user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Non-authenticated XSS attack against Administrative interface via public interface",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-07T09:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K43523962"
            },
            {
              "name": "1038416",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038416"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "ID": "CVE-2016-9257",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP APM",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "12.0.0 through 12.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In F5 BIG-IP APM 12.0.0 through 12.1.2, non-authenticated users may be able to inject JavaScript into a request that will then be rendered and executed in the context of the Administrative user when the Administrative user is viewing the Access System Logs, allowing the non-authenticated user to carry out a Cross Site Scripting (XSS) attack against the Administrative user."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Non-authenticated XSS attack against Administrative interface via public interface"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K43523962",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K43523962"
                },
                {
                  "name": "1038416",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038416"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2016-9257",
        "datePublished": "2017-05-09T15:00:00.000Z",
        "dateReserved": "2016-11-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:42:11.282Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-0302 (GCVE-0-2017-0302)

    Vulnerability from cvelistv5 – Published: 2017-05-09 15:00 – Updated: 2024-08-05 13:03
    VLAI
    Summary
    In F5 BIG-IP APM 12.0.0 through 12.1.2 and 13.0.0, an authenticated user with an established access session to the BIG-IP APM system may be able to cause a traffic disruption if the length of the requested URL is less than 16 characters.
    Severity
    No CVSS data available.
    CWE
    • BIG-IP APM may be disrupted if a URL less than 16 characters is requested.
    Assigner
    f5
    References
    URL Tags
    http://www.securitytracker.com/id/1038408 vdb-entryx_refsource_SECTRACK
    https://support.f5.com/csp/article/K87141725 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    F5 Networks, Inc. BIG-IP APM Affected: 13.0.0
    Affected: 12.0.0 - 12.1.2
    Create a notification for this product.
    Date Public
    2017-05-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:03:56.335Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1038408",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038408"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K87141725"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP APM",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "13.0.0"
                },
                {
                  "status": "affected",
                  "version": "12.0.0 - 12.1.2"
                }
              ]
            }
          ],
          "datePublic": "2017-05-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In F5 BIG-IP APM 12.0.0 through 12.1.2 and 13.0.0, an authenticated user with an established access session to the BIG-IP APM system may be able to cause a traffic disruption if the length of the requested URL is less than 16 characters."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "BIG-IP APM may be disrupted if a URL less than 16 characters is requested.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-07T09:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "name": "1038408",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038408"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K87141725"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "ID": "CVE-2017-0302",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP APM",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "13.0.0"
                              },
                              {
                                "version_value": "12.0.0 - 12.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In F5 BIG-IP APM 12.0.0 through 12.1.2 and 13.0.0, an authenticated user with an established access session to the BIG-IP APM system may be able to cause a traffic disruption if the length of the requested URL is less than 16 characters."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "BIG-IP APM may be disrupted if a URL less than 16 characters is requested."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1038408",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038408"
                },
                {
                  "name": "https://support.f5.com/csp/article/K87141725",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K87141725"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2017-0302",
        "datePublished": "2017-05-09T15:00:00.000Z",
        "dateReserved": "2016-11-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:03:56.335Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }