cnvd - cnvd-2021-65634

cnvd-2021-65634

Vulnerability from cnvd

Title

F5 BIG-IP Advanced WAF and ASM MySQL database拒绝服务漏洞

Description

F5 BIG-IP是F5公司的一款集成了网络流量编排、负载均衡、智能DNS，远程接入策略管理等功能的应用交付平台。 F5 BIG-IP Advanced WAF and ASM MySQL database拒绝服务漏洞，在Virtul Server上关联了开启了brute force防护的ASM的策略，攻击者可利用该漏洞导致磁盘空间不足，可能导致tmsh， icontrol rest无法正常工作。

Severity

低

Patch Name

F5 BIG-IP Advanced WAF and ASM MySQL database拒绝服务漏洞的补丁

Patch Description

Formal description

厂商已更新补丁链接，请及时更新： https://support.f5.com/csp/article/K36942191

Reference

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-23053

Impacted products

Name
['F5 BIG-IP (Advanced WAF and ASM) 15.1.0-15.1.2', 'F5 BIG-IP (Advanced WAF and ASM) 14.1.0-14.1.3', 'F5 BIG-IP (Advanced WAF and ASM) 13.1.0-13.1.3']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-23053"
    }
  },
  "description": "F5 BIG-IP\u662fF5\u516c\u53f8\u7684\u4e00\u6b3e\u96c6\u6210\u4e86\u7f51\u7edc\u6d41\u91cf\u7f16\u6392\u3001\u8d1f\u8f7d\u5747\u8861\u3001\u667a\u80fdDNS\uff0c\u8fdc\u7a0b\u63a5\u5165\u7b56\u7565\u7ba1\u7406\u7b49\u529f\u80fd\u7684\u5e94\u7528\u4ea4\u4ed8\u5e73\u53f0\u3002\n\nF5 BIG-IP Advanced WAF and ASM MySQL database\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u5728Virtul Server\u4e0a\u5173\u8054\u4e86\u5f00\u542f\u4e86brute force\u9632\u62a4\u7684ASM\u7684\u7b56\u7565 \uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u78c1\u76d8\u7a7a\u95f4\u4e0d\u8db3\uff0c\u53ef\u80fd\u5bfc\u81f4tmsh\uff0c\u00a0icontrol rest\u65e0\u6cd5\u6b63\u5e38\u5de5\u4f5c\u3002",
  "formalWay": "\u5382\u5546\u5df2\u66f4\u65b0\u8865\u4e01\u94fe\u63a5\uff0c\u8bf7\u53ca\u65f6\u66f4\u65b0\uff1a\r\nhttps://support.f5.com/csp/article/K36942191",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-65634",
  "openTime": "2021-08-26",
  "patchDescription": "F5 BIG-IP\u662fF5\u516c\u53f8\u7684\u4e00\u6b3e\u96c6\u6210\u4e86\u7f51\u7edc\u6d41\u91cf\u7f16\u6392\u3001\u8d1f\u8f7d\u5747\u8861\u3001\u667a\u80fdDNS\uff0c\u8fdc\u7a0b\u63a5\u5165\u7b56\u7565\u7ba1\u7406\u7b49\u529f\u80fd\u7684\u5e94\u7528\u4ea4\u4ed8\u5e73\u53f0\u3002\r\n\r\nF5 BIG-IP Advanced WAF and ASM MySQL database\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u5728Virtul Server\u4e0a\u5173\u8054\u4e86\u5f00\u542f\u4e86brute force\u9632\u62a4\u7684ASM\u7684\u7b56\u7565 \uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u78c1\u76d8\u7a7a\u95f4\u4e0d\u8db3\uff0c\u53ef\u80fd\u5bfc\u81f4tmsh\uff0c\u00a0icontrol rest\u65e0\u6cd5\u6b63\u5e38\u5de5\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "F5 BIG-IP Advanced WAF and ASM MySQL database\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "F5 BIG-IP (Advanced WAF and ASM) 15.1.0-15.1.2",
      "F5 BIG-IP (Advanced WAF and ASM) 14.1.0-14.1.3",
      "F5 BIG-IP (Advanced WAF and ASM) 13.1.0-13.1.3"
    ]
  },
  "referenceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-23053",
  "serverity": "\u4f4e",
  "submitTime": "2021-08-26",
  "title": "F5 BIG-IP Advanced WAF and ASM MySQL database\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CVE-2021-23053 (GCVE-0-2021-23053)

Vulnerability from cvelistv5

Published

2021-09-14 12:28

Modified

2024-08-03 18:58

Severity ?

CWE

CWE-400

Summary

On version 15.1.x before 15.1.3, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6, when the brute force protection feature of BIG-IP Advanced WAF or BIG-IP ASM is enabled on a virtual server and the virtual server is under brute force attack, the MySQL database may run out of disk space due to lack of row limit on undisclosed tables in the MYSQL database. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

References

URL

Tags

https://support.f5.com/csp/article/K36942191

x_refsource_MISC