5.9

CVE-2017-6163

In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, when a virtual server uses the standard configuration of HTTP/2 or SPDY profile with Client SSL profile, and the client initiates a number of concurrent streams beyond the advertised limit can cause a disruption of service. Remote client initiating stream beyond the advertised limit can cause a disruption of service. The Traffic Management Microkernel (TMM) data plane is exposed to this issue; the control plane is not exposed.

Data is provided by the National Vulnerability Database (NVD)
F5Big-ip Local Traffic Manager Version >= 11.4.0 <= 11.5.3
F5Big-ip Local Traffic Manager Version11.6.0
F5Big-ip Local Traffic Manager Version11.6.1
F5Big-ip Local Traffic Manager Version12.0.0
F5Big-ip Local Traffic Manager Version12.1.0
F5Big-ip Local Traffic Manager Version12.1.1
F5Big-ip Local Traffic Manager Version12.1.2
F5Big-ip Application Acceleration Manager Version >= 11.4.0 <= 11.5.4
F5Big-ip Advanced Firewall Manager Version >= 11.4.0 <= 11.5.4
F5Big-ip Access Policy Manager Version >= 11.5.0 <= 11.5.4
F5Big-ip Access Policy Manager Version11.6.0
F5Big-ip Access Policy Manager Version11.6.1
F5Big-ip Access Policy Manager Version12.0.0
F5Big-ip Access Policy Manager Version12.1.0
F5Big-ip Access Policy Manager Version12.1.1
F5Big-ip Access Policy Manager Version12.1.2
F5Big-ip Application Security Manager Version >= 11.5.0 <= 11.5.4
F5Big-ip Link Controller Version >= 11.5.0 <= 11.5.4
F5Big-ip Link Controller Version11.6.0
F5Big-ip Link Controller Version11.6.1
F5Big-ip Link Controller Version12.0.0
F5Big-ip Link Controller Version12.1.0
F5Big-ip Link Controller Version12.1.1
F5Big-ip Link Controller Version12.1.2
F5Big-ip Policy Enforcement Manager Version >= 11.5.0 <= 11.5.4
F5Big-ip Protocol Security Module Version > 11.4.0 <= 11.5.4
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 1.52% 0.795
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.securityfocus.com/bid/101606
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039671
Third Party Advisory
VDB Entry