Search criteria
7 vulnerabilities by BIG-IP
CVE-2019-6608 (GCVE-0-2019-6608)
Vulnerability from cvelistv5 – Published: 2019-03-28 20:46 – Updated: 2024-08-04 20:23
VLAI
Summary
On BIG-IP 11.5.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.1, and 14.0.0-14.0.0.2, under certain conditions, the snmpd daemon may leak memory on a multi-blade BIG-IP vCMP guest when processing authorized SNMP requests.
Severity
No CVSS data available.
CWE
- DoS
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.f5.com/csp/article/K12139752 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BIG-IP | BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) |
Affected:
11.5.1-11.6.3
Affected: 12.1.0-12.1.3 Affected: 13.0.0-13.1.1.1 Affected: 14.0.0-14.0.0.2 |
Date Public
2019-03-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:23:22.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K12139752"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)",
"vendor": "BIG-IP",
"versions": [
{
"status": "affected",
"version": "11.5.1-11.6.3"
},
{
"status": "affected",
"version": "12.1.0-12.1.3"
},
{
"status": "affected",
"version": "13.0.0-13.1.1.1"
},
{
"status": "affected",
"version": "14.0.0-14.0.0.2"
}
]
}
],
"datePublic": "2019-03-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "On BIG-IP 11.5.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.1, and 14.0.0-14.0.0.2, under certain conditions, the snmpd daemon may leak memory on a multi-blade BIG-IP vCMP guest when processing authorized SNMP requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DoS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-28T20:46:53.000Z",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.f5.com/csp/article/K12139752"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"ID": "CVE-2019-6608",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)",
"version": {
"version_data": [
{
"version_value": "11.5.1-11.6.3"
},
{
"version_value": "12.1.0-12.1.3"
},
{
"version_value": "13.0.0-13.1.1.1"
},
{
"version_value": "14.0.0-14.0.0.2"
}
]
}
}
]
},
"vendor_name": "BIG-IP"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On BIG-IP 11.5.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.1, and 14.0.0-14.0.0.2, under certain conditions, the snmpd daemon may leak memory on a multi-blade BIG-IP vCMP guest when processing authorized SNMP requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K12139752",
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K12139752"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2019-6608",
"datePublished": "2019-03-28T20:46:53.000Z",
"dateReserved": "2019-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:23:22.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6607 (GCVE-0-2019-6607)
Vulnerability from cvelistv5 – Published: 2019-03-28 20:39 – Updated: 2024-08-04 20:23
VLAI
Summary
On BIG-IP ASM 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.3, and 14.0.0-14.0.0.2, there is a stored cross-site scripting vulnerability in an ASM violation viewed in the Configuration utility. In the worst case, an attacker can store a CSRF which results in code execution as the admin user.
Severity
No CVSS data available.
CWE
- XSS/CSRF
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://support.f5.com/csp/article/K14812883 | x_refsource_MISC |
| http://www.securityfocus.com/bid/107630 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BIG-IP | BIG-IP (ASM) |
Affected:
11.5.1-11.5.8
Affected: 11.6.1-11.6.3 Affected: 12.1.0-12.1.3 Affected: 13.0.0-13.1.1.3 Affected: 14.0.0-14.0.0.2 |
Date Public
2019-03-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:23:22.232Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K14812883"
},
{
"name": "107630",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107630"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIG-IP (ASM)",
"vendor": "BIG-IP",
"versions": [
{
"status": "affected",
"version": "11.5.1-11.5.8"
},
{
"status": "affected",
"version": "11.6.1-11.6.3"
},
{
"status": "affected",
"version": "12.1.0-12.1.3"
},
{
"status": "affected",
"version": "13.0.0-13.1.1.3"
},
{
"status": "affected",
"version": "14.0.0-14.0.0.2"
}
]
}
],
"datePublic": "2019-03-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "On BIG-IP ASM 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.3, and 14.0.0-14.0.0.2, there is a stored cross-site scripting vulnerability in an ASM violation viewed in the Configuration utility. In the worst case, an attacker can store a CSRF which results in code execution as the admin user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS/CSRF",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-29T11:06:07.000Z",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.f5.com/csp/article/K14812883"
},
{
"name": "107630",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107630"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"ID": "CVE-2019-6607",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP (ASM)",
"version": {
"version_data": [
{
"version_value": "11.5.1-11.5.8"
},
{
"version_value": "11.6.1-11.6.3"
},
{
"version_value": "12.1.0-12.1.3"
},
{
"version_value": "13.0.0-13.1.1.3"
},
{
"version_value": "14.0.0-14.0.0.2"
}
]
}
}
]
},
"vendor_name": "BIG-IP"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On BIG-IP ASM 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.3, and 14.0.0-14.0.0.2, there is a stored cross-site scripting vulnerability in an ASM violation viewed in the Configuration utility. In the worst case, an attacker can store a CSRF which results in code execution as the admin user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS/CSRF"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K14812883",
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K14812883"
},
{
"name": "107630",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107630"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2019-6607",
"datePublished": "2019-03-28T20:39:39.000Z",
"dateReserved": "2019-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:23:22.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6606 (GCVE-0-2019-6606)
Vulnerability from cvelistv5 – Published: 2019-03-28 20:34 – Updated: 2024-08-04 20:23
VLAI
Summary
On BIG-IP 11.5.1-11.6.3.4, 12.1.0-12.1.3.7, 13.0.0-13.1.1.3, and 14.0.0-14.0.0.2, when processing certain SNMP requests with a request-id of 0, the snmpd process may leak a small amount of memory.
Severity
No CVSS data available.
CWE
- DoS
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://support.f5.com/csp/article/K35209601 | x_refsource_MISC |
| http://www.securityfocus.com/bid/107636 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BIG-IP | BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) |
Affected:
11.5.1-11.6.3.4
Affected: 12.1.0-12.1.3.7 Affected: 13.0.0-13.1.1.3 Affected: 14.0.0-14.0.0.2 |
Date Public
2019-03-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:23:22.214Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K35209601"
},
{
"name": "107636",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107636"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)",
"vendor": "BIG-IP",
"versions": [
{
"status": "affected",
"version": "11.5.1-11.6.3.4"
},
{
"status": "affected",
"version": "12.1.0-12.1.3.7"
},
{
"status": "affected",
"version": "13.0.0-13.1.1.3"
},
{
"status": "affected",
"version": "14.0.0-14.0.0.2"
}
]
}
],
"datePublic": "2019-03-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "On BIG-IP 11.5.1-11.6.3.4, 12.1.0-12.1.3.7, 13.0.0-13.1.1.3, and 14.0.0-14.0.0.2, when processing certain SNMP requests with a request-id of 0, the snmpd process may leak a small amount of memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DoS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-01T07:06:06.000Z",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.f5.com/csp/article/K35209601"
},
{
"name": "107636",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107636"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"ID": "CVE-2019-6606",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)",
"version": {
"version_data": [
{
"version_value": "11.5.1-11.6.3.4"
},
{
"version_value": "12.1.0-12.1.3.7"
},
{
"version_value": "13.0.0-13.1.1.3"
},
{
"version_value": "14.0.0-14.0.0.2"
}
]
}
}
]
},
"vendor_name": "BIG-IP"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On BIG-IP 11.5.1-11.6.3.4, 12.1.0-12.1.3.7, 13.0.0-13.1.1.3, and 14.0.0-14.0.0.2, when processing certain SNMP requests with a request-id of 0, the snmpd process may leak a small amount of memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K35209601",
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K35209601"
},
{
"name": "107636",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107636"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2019-6606",
"datePublished": "2019-03-28T20:34:26.000Z",
"dateReserved": "2019-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:23:22.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6604 (GCVE-0-2019-6604)
Vulnerability from cvelistv5 – Published: 2019-03-28 20:28 – Updated: 2024-08-04 20:23
VLAI
Summary
On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3.6, 13.0.0-13.1.1.1, and 14.0.0-14.0.0.2, under certain conditions, hardware systems with a High-Speed Bridge and using non-default Layer 2 forwarding configurations may experience a lockup of the High-Speed Bridge.
Severity
No CVSS data available.
CWE
- DoS
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.f5.com/csp/article/K26455071 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BIG-IP | BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) |
Affected:
11.5.1-11.5.8
Affected: 11.6.1-11.6.3.4 Affected: 12.1.0-12.1.3.6 Affected: 13.0.0-13.1.1.1 Affected: 14.0.0-14.0.0.2 |
Date Public
2019-03-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:23:22.056Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K26455071"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)",
"vendor": "BIG-IP",
"versions": [
{
"status": "affected",
"version": "11.5.1-11.5.8"
},
{
"status": "affected",
"version": "11.6.1-11.6.3.4"
},
{
"status": "affected",
"version": "12.1.0-12.1.3.6"
},
{
"status": "affected",
"version": "13.0.0-13.1.1.1"
},
{
"status": "affected",
"version": "14.0.0-14.0.0.2"
}
]
}
],
"datePublic": "2019-03-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3.6, 13.0.0-13.1.1.1, and 14.0.0-14.0.0.2, under certain conditions, hardware systems with a High-Speed Bridge and using non-default Layer 2 forwarding configurations may experience a lockup of the High-Speed Bridge."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DoS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-28T20:28:52.000Z",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.f5.com/csp/article/K26455071"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"ID": "CVE-2019-6604",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)",
"version": {
"version_data": [
{
"version_value": "11.5.1-11.5.8"
},
{
"version_value": "11.6.1-11.6.3.4"
},
{
"version_value": "12.1.0-12.1.3.6"
},
{
"version_value": "13.0.0-13.1.1.1"
},
{
"version_value": "14.0.0-14.0.0.2"
}
]
}
}
]
},
"vendor_name": "BIG-IP"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3.6, 13.0.0-13.1.1.1, and 14.0.0-14.0.0.2, under certain conditions, hardware systems with a High-Speed Bridge and using non-default Layer 2 forwarding configurations may experience a lockup of the High-Speed Bridge."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K26455071",
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K26455071"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2019-6604",
"datePublished": "2019-03-28T20:28:52.000Z",
"dateReserved": "2019-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:23:22.056Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6605 (GCVE-0-2019-6605)
Vulnerability from cvelistv5 – Published: 2019-03-28 20:23 – Updated: 2024-08-04 20:23
VLAI
Summary
On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, and 12.0.x, an undisclosed sequence of packets received by an SSL virtual server and processed by an associated Client SSL or Server SSL profile may cause a denial of service.
Severity
No CVSS data available.
CWE
- DoS
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://support.f5.com/csp/article/K45353544 | x_refsource_MISC |
| http://www.securityfocus.com/bid/107629 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BIG-IP | BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) |
Affected:
11.5.1-11.5.8
Affected: 11.6.1-11.6.3.4 Affected: 12.0.0 |
Date Public
2019-03-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:23:22.106Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K45353544"
},
{
"name": "107629",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107629"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)",
"vendor": "BIG-IP",
"versions": [
{
"status": "affected",
"version": "11.5.1-11.5.8"
},
{
"status": "affected",
"version": "11.6.1-11.6.3.4"
},
{
"status": "affected",
"version": "12.0.0"
}
]
}
],
"datePublic": "2019-03-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, and 12.0.x, an undisclosed sequence of packets received by an SSL virtual server and processed by an associated Client SSL or Server SSL profile may cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DoS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-29T11:06:07.000Z",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.f5.com/csp/article/K45353544"
},
{
"name": "107629",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107629"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"ID": "CVE-2019-6605",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)",
"version": {
"version_data": [
{
"version_value": "11.5.1-11.5.8"
},
{
"version_value": "11.6.1-11.6.3.4"
},
{
"version_value": "12.0.0"
}
]
}
}
]
},
"vendor_name": "BIG-IP"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, and 12.0.x, an undisclosed sequence of packets received by an SSL virtual server and processed by an associated Client SSL or Server SSL profile may cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K45353544",
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K45353544"
},
{
"name": "107629",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107629"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2019-6605",
"datePublished": "2019-03-28T20:23:18.000Z",
"dateReserved": "2019-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:23:22.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6603 (GCVE-0-2019-6603)
Vulnerability from cvelistv5 – Published: 2019-03-28 20:13 – Updated: 2024-08-04 20:23
VLAI
Summary
In BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, and 13.0.0-13.0.1, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. The control plane is not exposed to this issue. This issue impacts the data plane virtual servers and self IPs.
Severity
No CVSS data available.
CWE
- DoS
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://support.f5.com/csp/article/K14632915 | x_refsource_MISC |
| http://www.securityfocus.com/bid/107625 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BIG-IP | BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) |
Affected:
11.5.1-11.5.8
Affected: 11.6.1-11.6.3 Affected: 12.1.0-12.1.3 Affected: 13.0.0-13.0.1 |
Date Public
2019-03-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:23:22.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K14632915"
},
{
"name": "107625",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107625"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)",
"vendor": "BIG-IP",
"versions": [
{
"status": "affected",
"version": "11.5.1-11.5.8"
},
{
"status": "affected",
"version": "11.6.1-11.6.3"
},
{
"status": "affected",
"version": "12.1.0-12.1.3"
},
{
"status": "affected",
"version": "13.0.0-13.0.1"
}
]
}
],
"datePublic": "2019-03-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, and 13.0.0-13.0.1, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. The control plane is not exposed to this issue. This issue impacts the data plane virtual servers and self IPs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DoS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-29T09:06:09.000Z",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.f5.com/csp/article/K14632915"
},
{
"name": "107625",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107625"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"ID": "CVE-2019-6603",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)",
"version": {
"version_data": [
{
"version_value": "11.5.1-11.5.8"
},
{
"version_value": "11.6.1-11.6.3"
},
{
"version_value": "12.1.0-12.1.3"
},
{
"version_value": "13.0.0-13.0.1"
}
]
}
}
]
},
"vendor_name": "BIG-IP"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, and 13.0.0-13.0.1, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. The control plane is not exposed to this issue. This issue impacts the data plane virtual servers and self IPs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K14632915",
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K14632915"
},
{
"name": "107625",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107625"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2019-6603",
"datePublished": "2019-03-28T20:13:08.000Z",
"dateReserved": "2019-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:23:22.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6602 (GCVE-0-2019-6602)
Vulnerability from cvelistv5 – Published: 2019-03-28 20:02 – Updated: 2024-08-04 20:23
VLAI
Summary
In BIG-IP 11.5.1-11.5.8 and 11.6.1-11.6.3, the Configuration Utility login page may not follow best security practices when handling a malicious request.
Severity
No CVSS data available.
CWE
- Information disclosure
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://support.f5.com/csp/article/K11818407 | x_refsource_MISC |
| http://www.securityfocus.com/bid/107626 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BIG-IP | BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) |
Affected:
11.5.1-11.5.8
Affected: 11.6.1-11.6.3.4 |
Date Public
2019-03-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:23:22.112Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K11818407"
},
{
"name": "107626",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107626"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)",
"vendor": "BIG-IP",
"versions": [
{
"status": "affected",
"version": "11.5.1-11.5.8"
},
{
"status": "affected",
"version": "11.6.1-11.6.3.4"
}
]
}
],
"datePublic": "2019-03-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In BIG-IP 11.5.1-11.5.8 and 11.6.1-11.6.3, the Configuration Utility login page may not follow best security practices when handling a malicious request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-29T09:06:09.000Z",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.f5.com/csp/article/K11818407"
},
{
"name": "107626",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107626"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"ID": "CVE-2019-6602",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)",
"version": {
"version_data": [
{
"version_value": "11.5.1-11.5.8"
},
{
"version_value": "11.6.1-11.6.3.4"
}
]
}
}
]
},
"vendor_name": "BIG-IP"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In BIG-IP 11.5.1-11.5.8 and 11.6.1-11.6.3, the Configuration Utility login page may not follow best security practices when handling a malicious request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K11818407",
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K11818407"
},
{
"name": "107626",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107626"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2019-6602",
"datePublished": "2019-03-28T20:02:59.000Z",
"dateReserved": "2019-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:23:22.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}