Search

Find a vulnerability

Search criteria

    28 vulnerabilities found for big-ip_dns by f5

    CVE-2018-5501 (GCVE-0-2018-5501)

    Vulnerability from nvd – Published: 2018-03-01 16:00 – Updated: 2024-09-17 02:37
    VLAI
    Summary
    In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, any 11.6.x or 11.5.x release, or 11.2.1, TCP DNS profile allows excessive buffering due to lack of flow control.
    Severity
    No CVSS data available.
    CWE
    • DoS
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K44200194 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/103211 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    F5 Networks, Inc. BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe Affected: 13.0.0
    Affected: 12.1.0 - 12.1.3.1
    Affected: 11.6.1 - 11.6.x
    Affected: 11.5.1 - 11.5.x
    Affected: 11.2.1
    Create a notification for this product.
    Date Public
    2018-02-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:40:50.417Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K44200194"
              },
              {
                "name": "103211",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103211"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "13.0.0"
                },
                {
                  "status": "affected",
                  "version": "12.1.0 - 12.1.3.1"
                },
                {
                  "status": "affected",
                  "version": "11.6.1 - 11.6.x"
                },
                {
                  "status": "affected",
                  "version": "11.5.1 - 11.5.x"
                },
                {
                  "status": "affected",
                  "version": "11.2.1"
                }
              ]
            }
          ],
          "datePublic": "2018-02-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, any 11.6.x or 11.5.x release, or 11.2.1, TCP DNS profile allows excessive buffering due to lack of flow control."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "DoS",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-06T10:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K44200194"
            },
            {
              "name": "103211",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103211"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2018-02-28T00:00:00",
              "ID": "CVE-2018-5501",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "13.0.0"
                              },
                              {
                                "version_value": "12.1.0 - 12.1.3.1"
                              },
                              {
                                "version_value": "11.6.1 - 11.6.x"
                              },
                              {
                                "version_value": "11.5.1 - 11.5.x"
                              },
                              {
                                "version_value": "11.2.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, any 11.6.x or 11.5.x release, or 11.2.1, TCP DNS profile allows excessive buffering due to lack of flow control."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "DoS"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K44200194",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K44200194"
                },
                {
                  "name": "103211",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103211"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2018-5501",
        "datePublished": "2018-03-01T16:00:00.000Z",
        "dateReserved": "2018-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:37:02.573Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-5500 (GCVE-0-2018-5500)

    Vulnerability from nvd – Published: 2018-03-01 16:00 – Updated: 2024-09-16 20:41
    VLAI
    Summary
    On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, every Multipath TCP (MCTCP) connection established leaks a small amount of memory. Virtual server using TCP profile with Multipath TCP (MCTCP) feature enabled will be affected by this issue.
    Severity
    No CVSS data available.
    CWE
    • DoS
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K33211839 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/103217 vdb-entryx_refsource_BID
    Impacted products
    Date Public
    2018-02-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:40:50.505Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K33211839"
              },
              {
                "name": "103217",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103217"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "13.0.0"
                },
                {
                  "status": "affected",
                  "version": "12.1.0 - 12.1.3.1"
                },
                {
                  "status": "affected",
                  "version": "11.6.1 - 11.6.2"
                }
              ]
            }
          ],
          "datePublic": "2018-02-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, every Multipath TCP (MCTCP) connection established leaks a small amount of memory. Virtual server using TCP profile with Multipath TCP (MCTCP) feature enabled will be affected by this issue."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "DoS",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-06T10:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K33211839"
            },
            {
              "name": "103217",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103217"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2018-02-28T00:00:00",
              "ID": "CVE-2018-5500",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "13.0.0"
                              },
                              {
                                "version_value": "12.1.0 - 12.1.3.1"
                              },
                              {
                                "version_value": "11.6.1 - 11.6.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, every Multipath TCP (MCTCP) connection established leaks a small amount of memory. Virtual server using TCP profile with Multipath TCP (MCTCP) feature enabled will be affected by this issue."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "DoS"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K33211839",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K33211839"
                },
                {
                  "name": "103217",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103217"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2018-5500",
        "datePublished": "2018-03-01T16:00:00.000Z",
        "dateReserved": "2018-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:41:38.281Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6150 (GCVE-0-2017-6150)

    Vulnerability from nvd – Published: 2018-03-01 16:00 – Updated: 2024-09-17 00:06
    VLAI
    Summary
    Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - 12.1.3.1, using FastL4 profiles, when the Reassemble IP Fragments option is disabled (default), some specific large fragmented packets may restart the Traffic Management Microkernel (TMM).
    Severity
    No CVSS data available.
    CWE
    • DoS
    Assigner
    f5
    References
    URL Tags
    http://www.securityfocus.com/bid/103235 vdb-entryx_refsource_BID
    https://support.f5.com/csp/article/K62712037 x_refsource_CONFIRM
    Impacted products
    Date Public
    2018-02-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:18:49.775Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "103235",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103235"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K62712037"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, WebSafe",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "13.0.0"
                },
                {
                  "status": "affected",
                  "version": "12.1.0 - 12.1.3.1"
                }
              ]
            }
          ],
          "datePublic": "2018-02-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - 12.1.3.1, using FastL4 profiles, when the Reassemble IP Fragments option is disabled (default), some specific large fragmented packets may restart the Traffic Management Microkernel (TMM)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "DoS",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-07T10:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "name": "103235",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103235"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K62712037"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2018-02-28T00:00:00",
              "ID": "CVE-2017-6150",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, WebSafe",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "13.0.0"
                              },
                              {
                                "version_value": "12.1.0 - 12.1.3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - 12.1.3.1, using FastL4 profiles, when the Reassemble IP Fragments option is disabled (default), some specific large fragmented packets may restart the Traffic Management Microkernel (TMM)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "DoS"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "103235",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103235"
                },
                {
                  "name": "https://support.f5.com/csp/article/K62712037",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K62712037"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2017-6150",
        "datePublished": "2018-03-01T16:00:00.000Z",
        "dateReserved": "2017-02-21T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:06:49.713Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6167 (GCVE-0-2017-6167)

    Vulnerability from nvd – Published: 2017-12-21 17:00 – Updated: 2024-09-17 03:58
    VLAI
    Summary
    In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being executed with different privilege levels than expected.
    Severity
    No CVSS data available.
    CWE
    • Privilege Escalation
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K24465120 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1040053 vdb-entryx_refsource_SECTRACK
    Impacted products
    Date Public
    2017-12-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:18:49.887Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K24465120"
              },
              {
                "name": "1040053",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040053"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, WebSafe",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "13.0.0"
                },
                {
                  "status": "affected",
                  "version": "12.1.0 - 12.1.2"
                }
              ]
            }
          ],
          "datePublic": "2017-12-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being executed with different privilege levels than expected."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-23T10:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K24465120"
            },
            {
              "name": "1040053",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040053"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2017-12-20T00:00:00",
              "ID": "CVE-2017-6167",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, WebSafe",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "13.0.0"
                              },
                              {
                                "version_value": "12.1.0 - 12.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being executed with different privilege levels than expected."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K24465120",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K24465120"
                },
                {
                  "name": "1040053",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040053"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2017-6167",
        "datePublished": "2017-12-21T17:00:00.000Z",
        "dateReserved": "2017-02-21T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:58:35.655Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6164 (GCVE-0-2017-6164)

    Vulnerability from nvd – Published: 2017-12-21 17:00 – Updated: 2024-09-17 04:13
    VLAI
    Summary
    In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, 12.0.0 - 12.1.2, 11.6.0 - 11.6.1 and 11.5.0 - 11.5.4, in some circumstances, Traffic Management Microkernel (TMM) does not properly handle certain malformed TLS1.2 records, which allows remote attackers to cause a denial-of-service (DoS) or possible remote command execution on the BIG-IP system.
    Severity
    No CVSS data available.
    CWE
    • Denial of Service and Remote Code Execution
    Assigner
    f5
    References
    URL Tags
    http://www.securitytracker.com/id/1040054 vdb-entryx_refsource_SECTRACK
    https://support.f5.com/csp/article/K02714910 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    F5 Networks, Inc. BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe Affected: 13.0.0
    Affected: 12.0.0 - 12.1.2
    Affected: 11.6.0 - 11.6.1
    Affected: 11.5.0 - 11.5.4
    Create a notification for this product.
    Date Public
    2017-12-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:18:49.659Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1040054",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040054"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K02714910"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "13.0.0"
                },
                {
                  "status": "affected",
                  "version": "12.0.0 - 12.1.2"
                },
                {
                  "status": "affected",
                  "version": "11.6.0 - 11.6.1"
                },
                {
                  "status": "affected",
                  "version": "11.5.0 - 11.5.4"
                }
              ]
            }
          ],
          "datePublic": "2017-12-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, 12.0.0 - 12.1.2, 11.6.0 - 11.6.1 and 11.5.0 - 11.5.4, in some circumstances, Traffic Management Microkernel (TMM) does not properly handle certain malformed TLS1.2 records, which allows remote attackers to cause a denial-of-service (DoS) or possible remote command execution on the BIG-IP system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service and Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-23T10:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "name": "1040054",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040054"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K02714910"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2017-12-20T00:00:00",
              "ID": "CVE-2017-6164",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "13.0.0"
                              },
                              {
                                "version_value": "12.0.0 - 12.1.2"
                              },
                              {
                                "version_value": "11.6.0 - 11.6.1"
                              },
                              {
                                "version_value": "11.5.0 - 11.5.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, 12.0.0 - 12.1.2, 11.6.0 - 11.6.1 and 11.5.0 - 11.5.4, in some circumstances, Traffic Management Microkernel (TMM) does not properly handle certain malformed TLS1.2 records, which allows remote attackers to cause a denial-of-service (DoS) or possible remote command execution on the BIG-IP system."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service and Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1040054",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040054"
                },
                {
                  "name": "https://support.f5.com/csp/article/K02714910",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K02714910"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2017-6164",
        "datePublished": "2017-12-21T17:00:00.000Z",
        "dateReserved": "2017-02-21T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:13:51.645Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6151 (GCVE-0-2017-6151)

    Vulnerability from nvd – Published: 2017-12-21 17:00 – Updated: 2024-09-16 18:24
    VLAI
    Summary
    In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, undisclosed requests made to BIG-IP virtual servers which make use of the "HTTP/2 profile" may result in a disruption of service to TMM.
    Severity
    No CVSS data available.
    CWE
    • Denial of Service
    Assigner
    f5
    References
    URL Tags
    http://www.securitytracker.com/id/1040052 vdb-entryx_refsource_SECTRACK
    https://support.f5.com/csp/article/K07369970 x_refsource_CONFIRM
    Date Public
    2017-12-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:18:49.989Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1040052",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040052"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K07369970"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "13.0.0"
                }
              ]
            }
          ],
          "datePublic": "2017-12-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, undisclosed requests made to BIG-IP virtual servers which make use of the \"HTTP/2 profile\" may result in a disruption of service to TMM."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-23T10:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "name": "1040052",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040052"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K07369970"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2017-12-20T00:00:00",
              "ID": "CVE-2017-6151",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "13.0.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, undisclosed requests made to BIG-IP virtual servers which make use of the \"HTTP/2 profile\" may result in a disruption of service to TMM."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1040052",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040052"
                },
                {
                  "name": "https://support.f5.com/csp/article/K07369970",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K07369970"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2017-6151",
        "datePublished": "2017-12-21T17:00:00.000Z",
        "dateReserved": "2017-02-21T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:24:04.117Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6140 (GCVE-0-2017-6140)

    Vulnerability from nvd – Published: 2017-12-21 17:00 – Updated: 2024-09-17 04:04
    VLAI
    Summary
    On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, i10600,i10800, and VIPRION 4450 blades, running version 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 or 12.1.2 of BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM or PEM, an undisclosed sequence of packets sent to Virtual Servers with client or server SSL profiles may cause disruption of data plane services.
    Severity
    No CVSS data available.
    CWE
    • Denial of Service
    Assigner
    f5
    References
    URL Tags
    http://www.securitytracker.com/id/1040042 vdb-entryx_refsource_SECTRACK
    https://support.f5.com/csp/article/K55102452 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    F5 Networks, Inc. BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM, PEM Affected: 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4
    Affected: 11.6.0, 11.6.1
    Affected: 12.0.0, 12.1.0, 12.1.1, 12.1.2
    Create a notification for this product.
    Date Public
    2017-12-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:18:49.914Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1040042",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040042"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K55102452"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM, PEM",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4"
                },
                {
                  "status": "affected",
                  "version": "11.6.0, 11.6.1"
                },
                {
                  "status": "affected",
                  "version": "12.0.0, 12.1.0, 12.1.1, 12.1.2"
                }
              ]
            }
          ],
          "datePublic": "2017-12-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, i10600,i10800, and VIPRION 4450 blades, running version 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 or 12.1.2 of BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM or PEM, an undisclosed sequence of packets sent to Virtual Servers with client or server SSL profiles may cause disruption of data plane services."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-22T10:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "name": "1040042",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040042"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K55102452"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2017-12-20T00:00:00",
              "ID": "CVE-2017-6140",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM, PEM",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4"
                              },
                              {
                                "version_value": "11.6.0, 11.6.1"
                              },
                              {
                                "version_value": "12.0.0, 12.1.0, 12.1.1, 12.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, i10600,i10800, and VIPRION 4450 blades, running version 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 or 12.1.2 of BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM or PEM, an undisclosed sequence of packets sent to Virtual Servers with client or server SSL profiles may cause disruption of data plane services."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1040042",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040042"
                },
                {
                  "name": "https://support.f5.com/csp/article/K55102452",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K55102452"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2017-6140",
        "datePublished": "2017-12-21T17:00:00.000Z",
        "dateReserved": "2017-02-21T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:04:09.104Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6138 (GCVE-0-2017-6138)

    Vulnerability from nvd – Published: 2017-12-21 17:00 – Updated: 2024-09-17 02:21
    VLAI
    Summary
    In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default "normalize URI" configuration options used in iRules and/or BIG-IP LTM policies.
    Severity
    No CVSS data available.
    CWE
    • Denial of Service
    Assigner
    f5
    References
    URL Tags
    http://www.securitytracker.com/id/1040051 vdb-entryx_refsource_SECTRACK
    https://support.f5.com/csp/article/K34514540 x_refsource_CONFIRM
    Impacted products
    Date Public
    2017-12-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:18:49.834Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1040051",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040051"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K34514540"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "13.0.0"
                },
                {
                  "status": "affected",
                  "version": "12.1.0 - 12.1.2"
                }
              ]
            }
          ],
          "datePublic": "2017-12-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default \"normalize URI\" configuration options used in iRules and/or BIG-IP LTM policies."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-23T10:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "name": "1040051",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040051"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K34514540"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2017-12-20T00:00:00",
              "ID": "CVE-2017-6138",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "13.0.0"
                              },
                              {
                                "version_value": "12.1.0 - 12.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default \"normalize URI\" configuration options used in iRules and/or BIG-IP LTM policies."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1040051",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040051"
                },
                {
                  "name": "https://support.f5.com/csp/article/K34514540",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K34514540"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2017-6138",
        "datePublished": "2017-12-21T17:00:00.000Z",
        "dateReserved": "2017-02-21T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:21:41.401Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6136 (GCVE-0-2017-6136)

    Vulnerability from nvd – Published: 2017-12-21 17:00 – Updated: 2024-09-16 16:28
    VLAI
    Summary
    In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.0.0 - 12.1.2, undisclosed traffic patterns sent to BIG-IP virtual servers, with the TCP Fast Open and Tail Loss Probe options enabled in the associated TCP profile, may cause a disruption of service to the Traffic Management Microkernel (TMM).
    Severity
    No CVSS data available.
    CWE
    • Denial of Service
    Assigner
    f5
    References
    URL Tags
    http://www.securitytracker.com/id/1040046 vdb-entryx_refsource_SECTRACK
    https://support.f5.com/csp/article/K81137982 x_refsource_CONFIRM
    Impacted products
    Date Public
    2017-12-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:18:49.989Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1040046",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040046"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K81137982"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "13.0.0"
                },
                {
                  "status": "affected",
                  "version": "12.0.0 - 12.1.2"
                }
              ]
            }
          ],
          "datePublic": "2017-12-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.0.0 - 12.1.2, undisclosed traffic patterns sent to BIG-IP virtual servers, with the TCP Fast Open and Tail Loss Probe options enabled in the associated TCP profile, may cause a disruption of service to the Traffic Management Microkernel (TMM)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-23T10:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "name": "1040046",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040046"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K81137982"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2017-12-20T00:00:00",
              "ID": "CVE-2017-6136",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "13.0.0"
                              },
                              {
                                "version_value": "12.0.0 - 12.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.0.0 - 12.1.2, undisclosed traffic patterns sent to BIG-IP virtual servers, with the TCP Fast Open and Tail Loss Probe options enabled in the associated TCP profile, may cause a disruption of service to the Traffic Management Microkernel (TMM)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1040046",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040046"
                },
                {
                  "name": "https://support.f5.com/csp/article/K81137982",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K81137982"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2017-6136",
        "datePublished": "2017-12-21T17:00:00.000Z",
        "dateReserved": "2017-02-21T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:28:20.202Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6135 (GCVE-0-2017-6135)

    Vulnerability from nvd – Published: 2017-12-21 17:00 – Updated: 2024-09-16 18:08
    VLAI
    Summary
    In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, a slow memory leak as a result of undisclosed IPv4 or IPv6 packets sent to BIG-IP management port or self IP addresses may lead to out of memory (OOM) conditions.
    Severity
    No CVSS data available.
    CWE
    • Denial of Service
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K43322910 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1040050 vdb-entryx_refsource_SECTRACK
    Date Public
    2017-12-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:18:49.764Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K43322910"
              },
              {
                "name": "1040050",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040050"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "13.0.0"
                }
              ]
            }
          ],
          "datePublic": "2017-12-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, a slow memory leak as a result of undisclosed IPv4 or IPv6 packets sent to BIG-IP management port or self IP addresses may lead to out of memory (OOM) conditions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-23T10:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K43322910"
            },
            {
              "name": "1040050",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040050"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2017-12-20T00:00:00",
              "ID": "CVE-2017-6135",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "13.0.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, a slow memory leak as a result of undisclosed IPv4 or IPv6 packets sent to BIG-IP management port or self IP addresses may lead to out of memory (OOM) conditions."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K43322910",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K43322910"
                },
                {
                  "name": "1040050",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040050"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2017-6135",
        "datePublished": "2017-12-21T17:00:00.000Z",
        "dateReserved": "2017-02-21T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:08:05.215Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6134 (GCVE-0-2017-6134)

    Vulnerability from nvd – Published: 2017-12-21 17:00 – Updated: 2024-09-16 23:31
    VLAI
    Summary
    In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, 12.1.0 - 12.1.2 and 11.5.1 - 11.6.1, an undisclosed sequence of packets, sourced from an adjacent network may cause TMM to crash.
    Severity
    No CVSS data available.
    CWE
    • Denial of Service
    Assigner
    f5
    References
    URL Tags
    http://www.securitytracker.com/id/1040045 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/102466 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1040044 vdb-entryx_refsource_SECTRACK
    https://support.f5.com/csp/article/K37404773 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    F5 Networks, Inc. BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe Affected: 13.0.0
    Affected: 12.1.0 - 12.1.2
    Affected: 11.5.1 - 11.6.1
    Create a notification for this product.
    Date Public
    2017-12-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:18:49.900Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1040045",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040045"
              },
              {
                "name": "102466",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102466"
              },
              {
                "name": "1040044",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040044"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K37404773"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "13.0.0"
                },
                {
                  "status": "affected",
                  "version": "12.1.0 - 12.1.2"
                },
                {
                  "status": "affected",
                  "version": "11.5.1 - 11.6.1"
                }
              ]
            }
          ],
          "datePublic": "2017-12-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, 12.1.0 - 12.1.2 and 11.5.1 - 11.6.1, an undisclosed sequence of packets, sourced from an adjacent network may cause TMM to crash."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-11T10:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "name": "1040045",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040045"
            },
            {
              "name": "102466",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102466"
            },
            {
              "name": "1040044",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040044"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K37404773"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2017-12-20T00:00:00",
              "ID": "CVE-2017-6134",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "13.0.0"
                              },
                              {
                                "version_value": "12.1.0 - 12.1.2"
                              },
                              {
                                "version_value": "11.5.1 - 11.6.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, 12.1.0 - 12.1.2 and 11.5.1 - 11.6.1, an undisclosed sequence of packets, sourced from an adjacent network may cause TMM to crash."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1040045",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040045"
                },
                {
                  "name": "102466",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102466"
                },
                {
                  "name": "1040044",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040044"
                },
                {
                  "name": "https://support.f5.com/csp/article/K37404773",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K37404773"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2017-6134",
        "datePublished": "2017-12-21T17:00:00.000Z",
        "dateReserved": "2017-02-21T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:31:05.900Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6133 (GCVE-0-2017-6133)

    Vulnerability from nvd – Published: 2017-12-21 17:00 – Updated: 2024-09-16 19:24
    VLAI
    Summary
    In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, undisclosed HTTP requests may cause a denial of service.
    Severity
    No CVSS data available.
    CWE
    • Denial of Service
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K25033460 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/102467 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1040048 vdb-entryx_refsource_SECTRACK
    Impacted products
    Date Public
    2017-12-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:18:49.795Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K25033460"
              },
              {
                "name": "102467",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102467"
              },
              {
                "name": "1040048",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040048"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, WebSafe",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "13.0.0"
                },
                {
                  "status": "affected",
                  "version": "12.1.0 - 12.1.2"
                }
              ]
            }
          ],
          "datePublic": "2017-12-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, undisclosed HTTP requests may cause a denial of service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-11T10:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K25033460"
            },
            {
              "name": "102467",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102467"
            },
            {
              "name": "1040048",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040048"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2017-12-20T00:00:00",
              "ID": "CVE-2017-6133",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, WebSafe",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "13.0.0"
                              },
                              {
                                "version_value": "12.1.0 - 12.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, undisclosed HTTP requests may cause a denial of service."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K25033460",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K25033460"
                },
                {
                  "name": "102467",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102467"
                },
                {
                  "name": "1040048",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040048"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2017-6133",
        "datePublished": "2017-12-21T17:00:00.000Z",
        "dateReserved": "2017-02-21T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:24:56.438Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6132 (GCVE-0-2017-6132)

    Vulnerability from nvd – Published: 2017-12-21 17:00 – Updated: 2024-09-16 19:05
    VLAI
    Summary
    In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 and 11.5.0 - 11.5.4, an undisclosed sequence of packets sent to BIG-IP High Availability state mirror listeners (primary and/or secondary IP) may cause TMM to restart.
    Severity
    No CVSS data available.
    CWE
    • Denial of Service
    Assigner
    f5
    References
    URL Tags
    http://www.securityfocus.com/bid/102333 vdb-entryx_refsource_BID
    https://support.f5.com/csp/article/K12044607 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1040049 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    F5 Networks, Inc. BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, Websafe Affected: 13.0.0
    Affected: 12.0.0 - 12.1.2
    Affected: 11.6.0 - 11.6.1
    Affected: 11.5.0 - 11.5.4
    Create a notification for this product.
    Date Public
    2017-12-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:18:49.877Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "102333",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102333"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K12044607"
              },
              {
                "name": "1040049",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040049"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, Websafe",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "13.0.0"
                },
                {
                  "status": "affected",
                  "version": "12.0.0 - 12.1.2"
                },
                {
                  "status": "affected",
                  "version": "11.6.0 - 11.6.1"
                },
                {
                  "status": "affected",
                  "version": "11.5.0 - 11.5.4"
                }
              ]
            }
          ],
          "datePublic": "2017-12-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 and 11.5.0 - 11.5.4, an undisclosed sequence of packets sent to BIG-IP High Availability state mirror listeners (primary and/or secondary IP) may cause TMM to restart."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-03T10:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "name": "102333",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102333"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K12044607"
            },
            {
              "name": "1040049",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040049"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2017-12-20T00:00:00",
              "ID": "CVE-2017-6132",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, Websafe",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "13.0.0"
                              },
                              {
                                "version_value": "12.0.0 - 12.1.2"
                              },
                              {
                                "version_value": "11.6.0 - 11.6.1"
                              },
                              {
                                "version_value": "11.5.0 - 11.5.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 and 11.5.0 - 11.5.4, an undisclosed sequence of packets sent to BIG-IP High Availability state mirror listeners (primary and/or secondary IP) may cause TMM to restart."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "102333",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102333"
                },
                {
                  "name": "https://support.f5.com/csp/article/K12044607",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K12044607"
                },
                {
                  "name": "1040049",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040049"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2017-6132",
        "datePublished": "2017-12-21T17:00:00.000Z",
        "dateReserved": "2017-02-21T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:05:17.011Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6166 (GCVE-0-2017-6166)

    Vulnerability from nvd – Published: 2017-11-22 16:00 – Updated: 2024-09-16 19:36
    VLAI
    Summary
    In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe software 12.0.0 to 12.1.1, in some cases the Traffic Management Microkernel (TMM) may crash when processing fragmented packets. This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. If the affected BIG-IP system is configured as part of a device group, it will trigger a failover to the peer device.
    Severity
    No CVSS data available.
    CWE
    • denial of service
    Assigner
    f5
    References
    URL Tags
    http://www.securityfocus.com/bid/102264 vdb-entryx_refsource_BID
    https://support.f5.com/csp/article/K65615624 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1039949 vdb-entryx_refsource_SECTRACK
    Date Public
    2017-11-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:18:49.799Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "102264",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102264"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K65615624"
              },
              {
                "name": "1039949",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039949"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.0.0, 12.1.1"
                }
              ]
            }
          ],
          "datePublic": "2017-11-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe software 12.0.0 to 12.1.1, in some cases the Traffic Management Microkernel (TMM) may crash when processing fragmented packets. This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. If the affected BIG-IP system is configured as part of a device group, it will trigger a failover to the peer device."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "denial of service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-26T10:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "name": "102264",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102264"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K65615624"
            },
            {
              "name": "1039949",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039949"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2017-11-21T00:00:00",
              "ID": "CVE-2017-6166",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "12.0.0, 12.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe software 12.0.0 to 12.1.1, in some cases the Traffic Management Microkernel (TMM) may crash when processing fragmented packets. This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. If the affected BIG-IP system is configured as part of a device group, it will trigger a failover to the peer device."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "denial of service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "102264",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102264"
                },
                {
                  "name": "https://support.f5.com/csp/article/K65615624",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K65615624"
                },
                {
                  "name": "1039949",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039949"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2017-6166",
        "datePublished": "2017-11-22T16:00:00.000Z",
        "dateReserved": "2017-02-21T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:36:14.016Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6150 (GCVE-0-2017-6150)

    Vulnerability from cvelistv5 – Published: 2018-03-01 16:00 – Updated: 2024-09-17 00:06
    VLAI
    Summary
    Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - 12.1.3.1, using FastL4 profiles, when the Reassemble IP Fragments option is disabled (default), some specific large fragmented packets may restart the Traffic Management Microkernel (TMM).
    Severity
    No CVSS data available.
    CWE
    • DoS
    Assigner
    f5
    References
    URL Tags
    http://www.securityfocus.com/bid/103235 vdb-entryx_refsource_BID
    https://support.f5.com/csp/article/K62712037 x_refsource_CONFIRM
    Impacted products
    Date Public
    2018-02-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:18:49.775Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "103235",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103235"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K62712037"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, WebSafe",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "13.0.0"
                },
                {
                  "status": "affected",
                  "version": "12.1.0 - 12.1.3.1"
                }
              ]
            }
          ],
          "datePublic": "2018-02-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - 12.1.3.1, using FastL4 profiles, when the Reassemble IP Fragments option is disabled (default), some specific large fragmented packets may restart the Traffic Management Microkernel (TMM)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "DoS",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-07T10:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "name": "103235",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103235"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K62712037"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2018-02-28T00:00:00",
              "ID": "CVE-2017-6150",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, WebSafe",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "13.0.0"
                              },
                              {
                                "version_value": "12.1.0 - 12.1.3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - 12.1.3.1, using FastL4 profiles, when the Reassemble IP Fragments option is disabled (default), some specific large fragmented packets may restart the Traffic Management Microkernel (TMM)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "DoS"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "103235",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103235"
                },
                {
                  "name": "https://support.f5.com/csp/article/K62712037",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K62712037"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2017-6150",
        "datePublished": "2018-03-01T16:00:00.000Z",
        "dateReserved": "2017-02-21T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:06:49.713Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-5501 (GCVE-0-2018-5501)

    Vulnerability from cvelistv5 – Published: 2018-03-01 16:00 – Updated: 2024-09-17 02:37
    VLAI
    Summary
    In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, any 11.6.x or 11.5.x release, or 11.2.1, TCP DNS profile allows excessive buffering due to lack of flow control.
    Severity
    No CVSS data available.
    CWE
    • DoS
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K44200194 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/103211 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    F5 Networks, Inc. BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe Affected: 13.0.0
    Affected: 12.1.0 - 12.1.3.1
    Affected: 11.6.1 - 11.6.x
    Affected: 11.5.1 - 11.5.x
    Affected: 11.2.1
    Create a notification for this product.
    Date Public
    2018-02-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:40:50.417Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K44200194"
              },
              {
                "name": "103211",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103211"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "13.0.0"
                },
                {
                  "status": "affected",
                  "version": "12.1.0 - 12.1.3.1"
                },
                {
                  "status": "affected",
                  "version": "11.6.1 - 11.6.x"
                },
                {
                  "status": "affected",
                  "version": "11.5.1 - 11.5.x"
                },
                {
                  "status": "affected",
                  "version": "11.2.1"
                }
              ]
            }
          ],
          "datePublic": "2018-02-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, any 11.6.x or 11.5.x release, or 11.2.1, TCP DNS profile allows excessive buffering due to lack of flow control."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "DoS",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-06T10:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K44200194"
            },
            {
              "name": "103211",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103211"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2018-02-28T00:00:00",
              "ID": "CVE-2018-5501",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "13.0.0"
                              },
                              {
                                "version_value": "12.1.0 - 12.1.3.1"
                              },
                              {
                                "version_value": "11.6.1 - 11.6.x"
                              },
                              {
                                "version_value": "11.5.1 - 11.5.x"
                              },
                              {
                                "version_value": "11.2.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, any 11.6.x or 11.5.x release, or 11.2.1, TCP DNS profile allows excessive buffering due to lack of flow control."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "DoS"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K44200194",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K44200194"
                },
                {
                  "name": "103211",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103211"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2018-5501",
        "datePublished": "2018-03-01T16:00:00.000Z",
        "dateReserved": "2018-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:37:02.573Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-5500 (GCVE-0-2018-5500)

    Vulnerability from cvelistv5 – Published: 2018-03-01 16:00 – Updated: 2024-09-16 20:41
    VLAI
    Summary
    On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, every Multipath TCP (MCTCP) connection established leaks a small amount of memory. Virtual server using TCP profile with Multipath TCP (MCTCP) feature enabled will be affected by this issue.
    Severity
    No CVSS data available.
    CWE
    • DoS
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K33211839 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/103217 vdb-entryx_refsource_BID
    Impacted products
    Date Public
    2018-02-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:40:50.505Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K33211839"
              },
              {
                "name": "103217",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103217"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "13.0.0"
                },
                {
                  "status": "affected",
                  "version": "12.1.0 - 12.1.3.1"
                },
                {
                  "status": "affected",
                  "version": "11.6.1 - 11.6.2"
                }
              ]
            }
          ],
          "datePublic": "2018-02-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, every Multipath TCP (MCTCP) connection established leaks a small amount of memory. Virtual server using TCP profile with Multipath TCP (MCTCP) feature enabled will be affected by this issue."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "DoS",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-06T10:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K33211839"
            },
            {
              "name": "103217",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103217"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2018-02-28T00:00:00",
              "ID": "CVE-2018-5500",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "13.0.0"
                              },
                              {
                                "version_value": "12.1.0 - 12.1.3.1"
                              },
                              {
                                "version_value": "11.6.1 - 11.6.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, every Multipath TCP (MCTCP) connection established leaks a small amount of memory. Virtual server using TCP profile with Multipath TCP (MCTCP) feature enabled will be affected by this issue."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "DoS"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K33211839",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K33211839"
                },
                {
                  "name": "103217",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103217"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2018-5500",
        "datePublished": "2018-03-01T16:00:00.000Z",
        "dateReserved": "2018-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:41:38.281Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6132 (GCVE-0-2017-6132)

    Vulnerability from cvelistv5 – Published: 2017-12-21 17:00 – Updated: 2024-09-16 19:05
    VLAI
    Summary
    In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 and 11.5.0 - 11.5.4, an undisclosed sequence of packets sent to BIG-IP High Availability state mirror listeners (primary and/or secondary IP) may cause TMM to restart.
    Severity
    No CVSS data available.
    CWE
    • Denial of Service
    Assigner
    f5
    References
    URL Tags
    http://www.securityfocus.com/bid/102333 vdb-entryx_refsource_BID
    https://support.f5.com/csp/article/K12044607 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1040049 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    F5 Networks, Inc. BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, Websafe Affected: 13.0.0
    Affected: 12.0.0 - 12.1.2
    Affected: 11.6.0 - 11.6.1
    Affected: 11.5.0 - 11.5.4
    Create a notification for this product.
    Date Public
    2017-12-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:18:49.877Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "102333",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102333"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K12044607"
              },
              {
                "name": "1040049",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040049"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, Websafe",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "13.0.0"
                },
                {
                  "status": "affected",
                  "version": "12.0.0 - 12.1.2"
                },
                {
                  "status": "affected",
                  "version": "11.6.0 - 11.6.1"
                },
                {
                  "status": "affected",
                  "version": "11.5.0 - 11.5.4"
                }
              ]
            }
          ],
          "datePublic": "2017-12-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 and 11.5.0 - 11.5.4, an undisclosed sequence of packets sent to BIG-IP High Availability state mirror listeners (primary and/or secondary IP) may cause TMM to restart."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-03T10:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "name": "102333",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102333"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K12044607"
            },
            {
              "name": "1040049",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040049"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2017-12-20T00:00:00",
              "ID": "CVE-2017-6132",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, Websafe",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "13.0.0"
                              },
                              {
                                "version_value": "12.0.0 - 12.1.2"
                              },
                              {
                                "version_value": "11.6.0 - 11.6.1"
                              },
                              {
                                "version_value": "11.5.0 - 11.5.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 and 11.5.0 - 11.5.4, an undisclosed sequence of packets sent to BIG-IP High Availability state mirror listeners (primary and/or secondary IP) may cause TMM to restart."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "102333",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102333"
                },
                {
                  "name": "https://support.f5.com/csp/article/K12044607",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K12044607"
                },
                {
                  "name": "1040049",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040049"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2017-6132",
        "datePublished": "2017-12-21T17:00:00.000Z",
        "dateReserved": "2017-02-21T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:05:17.011Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6136 (GCVE-0-2017-6136)

    Vulnerability from cvelistv5 – Published: 2017-12-21 17:00 – Updated: 2024-09-16 16:28
    VLAI
    Summary
    In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.0.0 - 12.1.2, undisclosed traffic patterns sent to BIG-IP virtual servers, with the TCP Fast Open and Tail Loss Probe options enabled in the associated TCP profile, may cause a disruption of service to the Traffic Management Microkernel (TMM).
    Severity
    No CVSS data available.
    CWE
    • Denial of Service
    Assigner
    f5
    References
    URL Tags
    http://www.securitytracker.com/id/1040046 vdb-entryx_refsource_SECTRACK
    https://support.f5.com/csp/article/K81137982 x_refsource_CONFIRM
    Impacted products
    Date Public
    2017-12-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:18:49.989Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1040046",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040046"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K81137982"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "13.0.0"
                },
                {
                  "status": "affected",
                  "version": "12.0.0 - 12.1.2"
                }
              ]
            }
          ],
          "datePublic": "2017-12-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.0.0 - 12.1.2, undisclosed traffic patterns sent to BIG-IP virtual servers, with the TCP Fast Open and Tail Loss Probe options enabled in the associated TCP profile, may cause a disruption of service to the Traffic Management Microkernel (TMM)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-23T10:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "name": "1040046",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040046"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K81137982"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2017-12-20T00:00:00",
              "ID": "CVE-2017-6136",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "13.0.0"
                              },
                              {
                                "version_value": "12.0.0 - 12.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.0.0 - 12.1.2, undisclosed traffic patterns sent to BIG-IP virtual servers, with the TCP Fast Open and Tail Loss Probe options enabled in the associated TCP profile, may cause a disruption of service to the Traffic Management Microkernel (TMM)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1040046",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040046"
                },
                {
                  "name": "https://support.f5.com/csp/article/K81137982",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K81137982"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2017-6136",
        "datePublished": "2017-12-21T17:00:00.000Z",
        "dateReserved": "2017-02-21T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:28:20.202Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6138 (GCVE-0-2017-6138)

    Vulnerability from cvelistv5 – Published: 2017-12-21 17:00 – Updated: 2024-09-17 02:21
    VLAI
    Summary
    In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default "normalize URI" configuration options used in iRules and/or BIG-IP LTM policies.
    Severity
    No CVSS data available.
    CWE
    • Denial of Service
    Assigner
    f5
    References
    URL Tags
    http://www.securitytracker.com/id/1040051 vdb-entryx_refsource_SECTRACK
    https://support.f5.com/csp/article/K34514540 x_refsource_CONFIRM
    Impacted products
    Date Public
    2017-12-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:18:49.834Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1040051",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040051"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K34514540"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "13.0.0"
                },
                {
                  "status": "affected",
                  "version": "12.1.0 - 12.1.2"
                }
              ]
            }
          ],
          "datePublic": "2017-12-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default \"normalize URI\" configuration options used in iRules and/or BIG-IP LTM policies."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-23T10:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "name": "1040051",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040051"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K34514540"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2017-12-20T00:00:00",
              "ID": "CVE-2017-6138",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "13.0.0"
                              },
                              {
                                "version_value": "12.1.0 - 12.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default \"normalize URI\" configuration options used in iRules and/or BIG-IP LTM policies."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1040051",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040051"
                },
                {
                  "name": "https://support.f5.com/csp/article/K34514540",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K34514540"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2017-6138",
        "datePublished": "2017-12-21T17:00:00.000Z",
        "dateReserved": "2017-02-21T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:21:41.401Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6133 (GCVE-0-2017-6133)

    Vulnerability from cvelistv5 – Published: 2017-12-21 17:00 – Updated: 2024-09-16 19:24
    VLAI
    Summary
    In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, undisclosed HTTP requests may cause a denial of service.
    Severity
    No CVSS data available.
    CWE
    • Denial of Service
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K25033460 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/102467 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1040048 vdb-entryx_refsource_SECTRACK
    Impacted products
    Date Public
    2017-12-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:18:49.795Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K25033460"
              },
              {
                "name": "102467",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102467"
              },
              {
                "name": "1040048",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040048"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, WebSafe",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "13.0.0"
                },
                {
                  "status": "affected",
                  "version": "12.1.0 - 12.1.2"
                }
              ]
            }
          ],
          "datePublic": "2017-12-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, undisclosed HTTP requests may cause a denial of service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-11T10:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K25033460"
            },
            {
              "name": "102467",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102467"
            },
            {
              "name": "1040048",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040048"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2017-12-20T00:00:00",
              "ID": "CVE-2017-6133",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, WebSafe",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "13.0.0"
                              },
                              {
                                "version_value": "12.1.0 - 12.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, undisclosed HTTP requests may cause a denial of service."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K25033460",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K25033460"
                },
                {
                  "name": "102467",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102467"
                },
                {
                  "name": "1040048",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040048"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2017-6133",
        "datePublished": "2017-12-21T17:00:00.000Z",
        "dateReserved": "2017-02-21T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:24:56.438Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6167 (GCVE-0-2017-6167)

    Vulnerability from cvelistv5 – Published: 2017-12-21 17:00 – Updated: 2024-09-17 03:58
    VLAI
    Summary
    In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being executed with different privilege levels than expected.
    Severity
    No CVSS data available.
    CWE
    • Privilege Escalation
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K24465120 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1040053 vdb-entryx_refsource_SECTRACK
    Impacted products
    Date Public
    2017-12-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:18:49.887Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K24465120"
              },
              {
                "name": "1040053",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040053"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, WebSafe",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "13.0.0"
                },
                {
                  "status": "affected",
                  "version": "12.1.0 - 12.1.2"
                }
              ]
            }
          ],
          "datePublic": "2017-12-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being executed with different privilege levels than expected."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-23T10:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K24465120"
            },
            {
              "name": "1040053",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040053"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2017-12-20T00:00:00",
              "ID": "CVE-2017-6167",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, WebSafe",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "13.0.0"
                              },
                              {
                                "version_value": "12.1.0 - 12.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being executed with different privilege levels than expected."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K24465120",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K24465120"
                },
                {
                  "name": "1040053",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040053"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2017-6167",
        "datePublished": "2017-12-21T17:00:00.000Z",
        "dateReserved": "2017-02-21T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:58:35.655Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6135 (GCVE-0-2017-6135)

    Vulnerability from cvelistv5 – Published: 2017-12-21 17:00 – Updated: 2024-09-16 18:08
    VLAI
    Summary
    In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, a slow memory leak as a result of undisclosed IPv4 or IPv6 packets sent to BIG-IP management port or self IP addresses may lead to out of memory (OOM) conditions.
    Severity
    No CVSS data available.
    CWE
    • Denial of Service
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K43322910 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1040050 vdb-entryx_refsource_SECTRACK
    Date Public
    2017-12-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:18:49.764Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K43322910"
              },
              {
                "name": "1040050",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040050"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "13.0.0"
                }
              ]
            }
          ],
          "datePublic": "2017-12-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, a slow memory leak as a result of undisclosed IPv4 or IPv6 packets sent to BIG-IP management port or self IP addresses may lead to out of memory (OOM) conditions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-23T10:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K43322910"
            },
            {
              "name": "1040050",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040050"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2017-12-20T00:00:00",
              "ID": "CVE-2017-6135",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "13.0.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, a slow memory leak as a result of undisclosed IPv4 or IPv6 packets sent to BIG-IP management port or self IP addresses may lead to out of memory (OOM) conditions."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K43322910",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K43322910"
                },
                {
                  "name": "1040050",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040050"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2017-6135",
        "datePublished": "2017-12-21T17:00:00.000Z",
        "dateReserved": "2017-02-21T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:08:05.215Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6134 (GCVE-0-2017-6134)

    Vulnerability from cvelistv5 – Published: 2017-12-21 17:00 – Updated: 2024-09-16 23:31
    VLAI
    Summary
    In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, 12.1.0 - 12.1.2 and 11.5.1 - 11.6.1, an undisclosed sequence of packets, sourced from an adjacent network may cause TMM to crash.
    Severity
    No CVSS data available.
    CWE
    • Denial of Service
    Assigner
    f5
    References
    URL Tags
    http://www.securitytracker.com/id/1040045 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/102466 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1040044 vdb-entryx_refsource_SECTRACK
    https://support.f5.com/csp/article/K37404773 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    F5 Networks, Inc. BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe Affected: 13.0.0
    Affected: 12.1.0 - 12.1.2
    Affected: 11.5.1 - 11.6.1
    Create a notification for this product.
    Date Public
    2017-12-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:18:49.900Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1040045",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040045"
              },
              {
                "name": "102466",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102466"
              },
              {
                "name": "1040044",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040044"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K37404773"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "13.0.0"
                },
                {
                  "status": "affected",
                  "version": "12.1.0 - 12.1.2"
                },
                {
                  "status": "affected",
                  "version": "11.5.1 - 11.6.1"
                }
              ]
            }
          ],
          "datePublic": "2017-12-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, 12.1.0 - 12.1.2 and 11.5.1 - 11.6.1, an undisclosed sequence of packets, sourced from an adjacent network may cause TMM to crash."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-11T10:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "name": "1040045",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040045"
            },
            {
              "name": "102466",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102466"
            },
            {
              "name": "1040044",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040044"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K37404773"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2017-12-20T00:00:00",
              "ID": "CVE-2017-6134",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "13.0.0"
                              },
                              {
                                "version_value": "12.1.0 - 12.1.2"
                              },
                              {
                                "version_value": "11.5.1 - 11.6.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, 12.1.0 - 12.1.2 and 11.5.1 - 11.6.1, an undisclosed sequence of packets, sourced from an adjacent network may cause TMM to crash."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1040045",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040045"
                },
                {
                  "name": "102466",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102466"
                },
                {
                  "name": "1040044",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040044"
                },
                {
                  "name": "https://support.f5.com/csp/article/K37404773",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K37404773"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2017-6134",
        "datePublished": "2017-12-21T17:00:00.000Z",
        "dateReserved": "2017-02-21T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:31:05.900Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6140 (GCVE-0-2017-6140)

    Vulnerability from cvelistv5 – Published: 2017-12-21 17:00 – Updated: 2024-09-17 04:04
    VLAI
    Summary
    On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, i10600,i10800, and VIPRION 4450 blades, running version 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 or 12.1.2 of BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM or PEM, an undisclosed sequence of packets sent to Virtual Servers with client or server SSL profiles may cause disruption of data plane services.
    Severity
    No CVSS data available.
    CWE
    • Denial of Service
    Assigner
    f5
    References
    URL Tags
    http://www.securitytracker.com/id/1040042 vdb-entryx_refsource_SECTRACK
    https://support.f5.com/csp/article/K55102452 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    F5 Networks, Inc. BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM, PEM Affected: 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4
    Affected: 11.6.0, 11.6.1
    Affected: 12.0.0, 12.1.0, 12.1.1, 12.1.2
    Create a notification for this product.
    Date Public
    2017-12-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:18:49.914Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1040042",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040042"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K55102452"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM, PEM",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4"
                },
                {
                  "status": "affected",
                  "version": "11.6.0, 11.6.1"
                },
                {
                  "status": "affected",
                  "version": "12.0.0, 12.1.0, 12.1.1, 12.1.2"
                }
              ]
            }
          ],
          "datePublic": "2017-12-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, i10600,i10800, and VIPRION 4450 blades, running version 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 or 12.1.2 of BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM or PEM, an undisclosed sequence of packets sent to Virtual Servers with client or server SSL profiles may cause disruption of data plane services."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-22T10:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "name": "1040042",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040042"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K55102452"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2017-12-20T00:00:00",
              "ID": "CVE-2017-6140",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM, PEM",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4"
                              },
                              {
                                "version_value": "11.6.0, 11.6.1"
                              },
                              {
                                "version_value": "12.0.0, 12.1.0, 12.1.1, 12.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, i10600,i10800, and VIPRION 4450 blades, running version 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 or 12.1.2 of BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM or PEM, an undisclosed sequence of packets sent to Virtual Servers with client or server SSL profiles may cause disruption of data plane services."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1040042",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040042"
                },
                {
                  "name": "https://support.f5.com/csp/article/K55102452",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K55102452"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2017-6140",
        "datePublished": "2017-12-21T17:00:00.000Z",
        "dateReserved": "2017-02-21T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:04:09.104Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6151 (GCVE-0-2017-6151)

    Vulnerability from cvelistv5 – Published: 2017-12-21 17:00 – Updated: 2024-09-16 18:24
    VLAI
    Summary
    In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, undisclosed requests made to BIG-IP virtual servers which make use of the "HTTP/2 profile" may result in a disruption of service to TMM.
    Severity
    No CVSS data available.
    CWE
    • Denial of Service
    Assigner
    f5
    References
    URL Tags
    http://www.securitytracker.com/id/1040052 vdb-entryx_refsource_SECTRACK
    https://support.f5.com/csp/article/K07369970 x_refsource_CONFIRM
    Date Public
    2017-12-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:18:49.989Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1040052",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040052"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K07369970"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "13.0.0"
                }
              ]
            }
          ],
          "datePublic": "2017-12-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, undisclosed requests made to BIG-IP virtual servers which make use of the \"HTTP/2 profile\" may result in a disruption of service to TMM."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-23T10:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "name": "1040052",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040052"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K07369970"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2017-12-20T00:00:00",
              "ID": "CVE-2017-6151",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "13.0.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, undisclosed requests made to BIG-IP virtual servers which make use of the \"HTTP/2 profile\" may result in a disruption of service to TMM."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1040052",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040052"
                },
                {
                  "name": "https://support.f5.com/csp/article/K07369970",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K07369970"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2017-6151",
        "datePublished": "2017-12-21T17:00:00.000Z",
        "dateReserved": "2017-02-21T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:24:04.117Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6164 (GCVE-0-2017-6164)

    Vulnerability from cvelistv5 – Published: 2017-12-21 17:00 – Updated: 2024-09-17 04:13
    VLAI
    Summary
    In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, 12.0.0 - 12.1.2, 11.6.0 - 11.6.1 and 11.5.0 - 11.5.4, in some circumstances, Traffic Management Microkernel (TMM) does not properly handle certain malformed TLS1.2 records, which allows remote attackers to cause a denial-of-service (DoS) or possible remote command execution on the BIG-IP system.
    Severity
    No CVSS data available.
    CWE
    • Denial of Service and Remote Code Execution
    Assigner
    f5
    References
    URL Tags
    http://www.securitytracker.com/id/1040054 vdb-entryx_refsource_SECTRACK
    https://support.f5.com/csp/article/K02714910 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    F5 Networks, Inc. BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe Affected: 13.0.0
    Affected: 12.0.0 - 12.1.2
    Affected: 11.6.0 - 11.6.1
    Affected: 11.5.0 - 11.5.4
    Create a notification for this product.
    Date Public
    2017-12-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:18:49.659Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1040054",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040054"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K02714910"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "13.0.0"
                },
                {
                  "status": "affected",
                  "version": "12.0.0 - 12.1.2"
                },
                {
                  "status": "affected",
                  "version": "11.6.0 - 11.6.1"
                },
                {
                  "status": "affected",
                  "version": "11.5.0 - 11.5.4"
                }
              ]
            }
          ],
          "datePublic": "2017-12-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, 12.0.0 - 12.1.2, 11.6.0 - 11.6.1 and 11.5.0 - 11.5.4, in some circumstances, Traffic Management Microkernel (TMM) does not properly handle certain malformed TLS1.2 records, which allows remote attackers to cause a denial-of-service (DoS) or possible remote command execution on the BIG-IP system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service and Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-23T10:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "name": "1040054",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040054"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K02714910"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2017-12-20T00:00:00",
              "ID": "CVE-2017-6164",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "13.0.0"
                              },
                              {
                                "version_value": "12.0.0 - 12.1.2"
                              },
                              {
                                "version_value": "11.6.0 - 11.6.1"
                              },
                              {
                                "version_value": "11.5.0 - 11.5.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, 12.0.0 - 12.1.2, 11.6.0 - 11.6.1 and 11.5.0 - 11.5.4, in some circumstances, Traffic Management Microkernel (TMM) does not properly handle certain malformed TLS1.2 records, which allows remote attackers to cause a denial-of-service (DoS) or possible remote command execution on the BIG-IP system."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service and Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1040054",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040054"
                },
                {
                  "name": "https://support.f5.com/csp/article/K02714910",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K02714910"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2017-6164",
        "datePublished": "2017-12-21T17:00:00.000Z",
        "dateReserved": "2017-02-21T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:13:51.645Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6166 (GCVE-0-2017-6166)

    Vulnerability from cvelistv5 – Published: 2017-11-22 16:00 – Updated: 2024-09-16 19:36
    VLAI
    Summary
    In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe software 12.0.0 to 12.1.1, in some cases the Traffic Management Microkernel (TMM) may crash when processing fragmented packets. This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. If the affected BIG-IP system is configured as part of a device group, it will trigger a failover to the peer device.
    Severity
    No CVSS data available.
    CWE
    • denial of service
    Assigner
    f5
    References
    URL Tags
    http://www.securityfocus.com/bid/102264 vdb-entryx_refsource_BID
    https://support.f5.com/csp/article/K65615624 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1039949 vdb-entryx_refsource_SECTRACK
    Date Public
    2017-11-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:18:49.799Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "102264",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102264"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K65615624"
              },
              {
                "name": "1039949",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039949"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.0.0, 12.1.1"
                }
              ]
            }
          ],
          "datePublic": "2017-11-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe software 12.0.0 to 12.1.1, in some cases the Traffic Management Microkernel (TMM) may crash when processing fragmented packets. This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. If the affected BIG-IP system is configured as part of a device group, it will trigger a failover to the peer device."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "denial of service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-26T10:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "name": "102264",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102264"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K65615624"
            },
            {
              "name": "1039949",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039949"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2017-11-21T00:00:00",
              "ID": "CVE-2017-6166",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "12.0.0, 12.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe software 12.0.0 to 12.1.1, in some cases the Traffic Management Microkernel (TMM) may crash when processing fragmented packets. This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. If the affected BIG-IP system is configured as part of a device group, it will trigger a failover to the peer device."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "denial of service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "102264",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102264"
                },
                {
                  "name": "https://support.f5.com/csp/article/K65615624",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K65615624"
                },
                {
                  "name": "1039949",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039949"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2017-6166",
        "datePublished": "2017-11-22T16:00:00.000Z",
        "dateReserved": "2017-02-21T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:36:14.016Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }