7.5

CVE-2017-0303

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2 and 11.5.1 to 11.6.1, under limited circumstances connections handled by a Virtual Server with an associated SOCKS profile may not be properly cleaned up, potentially leading to resource starvation. Connections may be left in the connection table which then can only be removed by restarting TMM. Over time this may lead to the BIG-IP being unable to process further connections.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
F5Big-ip Local Traffic Manager Version11.5.0
F5Big-ip Local Traffic Manager Version11.5.1
F5Big-ip Local Traffic Manager Version11.5.2
F5Big-ip Local Traffic Manager Version11.5.3
F5Big-ip Local Traffic Manager Version11.5.4
F5Big-ip Local Traffic Manager Version11.5.5
F5Big-ip Local Traffic Manager Version11.6.0
F5Big-ip Local Traffic Manager Version11.6.1
F5Big-ip Local Traffic Manager Version12.0.0
F5Big-ip Local Traffic Manager Version12.1.0
F5Big-ip Local Traffic Manager Version12.1.1
F5Big-ip Local Traffic Manager Version12.1.2
F5Big-ip Local Traffic Manager Version13.0.0
F5Big-ip Access Policy Manager Version11.5.0
F5Big-ip Access Policy Manager Version11.5.1
F5Big-ip Access Policy Manager Version11.5.2
F5Big-ip Access Policy Manager Version11.5.3
F5Big-ip Access Policy Manager Version11.5.4
F5Big-ip Access Policy Manager Version11.5.5
F5Big-ip Access Policy Manager Version11.6.0
F5Big-ip Access Policy Manager Version11.6.1
F5Big-ip Access Policy Manager Version12.0.0
F5Big-ip Access Policy Manager Version12.1.0
F5Big-ip Access Policy Manager Version12.1.1
F5Big-ip Access Policy Manager Version12.1.2
F5Big-ip Access Policy Manager Version13.0.0
F5Big-ip Link Controller Version11.5.0
F5Big-ip Link Controller Version11.5.1
F5Big-ip Link Controller Version11.5.2
F5Big-ip Link Controller Version11.5.3
F5Big-ip Link Controller Version11.5.4
F5Big-ip Link Controller Version11.5.5
F5Big-ip Link Controller Version11.6.0
F5Big-ip Link Controller Version11.6.1
F5Big-ip Link Controller Version12.0.0
F5Big-ip Link Controller Version12.1.0
F5Big-ip Link Controller Version12.1.1
F5Big-ip Link Controller Version12.1.2
F5Big-ip Link Controller Version13.0.0
F5Big-ip Websafe Version1.0.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.44% 0.837
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-459 Incomplete Cleanup

The product does not properly "clean up" and remove temporary or supporting resources after they have been used.

http://www.securityfocus.com/bid/101612
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039674
Third Party Advisory
VDB Entry