5.9

CVE-2017-6160

In F5 BIG-IP AAM and PEM software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.4.1 to 11.5.4, a remote attacker may create maliciously crafted HTTP request to cause Traffic Management Microkernel (TMM) to restart and temporarily fail to process traffic. This issue is exposed on virtual servers using a Policy Enforcement profile or a Web Acceleration profile. Systems that do not have BIG-IP AAM module provisioned are not vulnerable. The Traffic Management Microkernel (TMM) may restart and temporarily fail to process traffic. Systems that do not have BIG-IP AAM or PEM module provisioned are not vulnerable.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.59% 0.882
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
http://www.securityfocus.com/bid/101632
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039670
Third Party Advisory
VDB Entry