F5

Big-ip Access Policy Manager

589 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2018-5549

  • EPSS 0.75%
  • Veröffentlicht 13.09.2018 14:29:00
  • Zuletzt bearbeitet 21.11.2024 04:09:03

On BIG-IP APM 11.6.0-11.6.3.1, 12.1.0-12.1.3.3, 13.0.0, and 13.1.0-13.1.0.3, APMD may core when processing SAML Assertion or response containing certain elements.

7.8

CVE-2018-5391

  • EPSS 3.82%
  • Veröffentlicht 06.09.2018 21:29:00
  • Zuletzt bearbeitet 21.11.2024 04:08:43

The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments...

7.8

CVE-2018-5546

Exploit
  • EPSS 0.16%
  • Veröffentlicht 17.08.2018 12:29:00
  • Zuletzt bearbeitet 21.11.2024 04:09:02

The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host. A maliciou...

7.8

CVE-2018-5390

  • EPSS 6.84%
  • Veröffentlicht 06.08.2018 20:29:01
  • Zuletzt bearbeitet 21.11.2024 04:08:43

Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.

7.5

CVE-2018-5544

  • EPSS 1.59%
  • Veröffentlicht 31.07.2018 14:29:00
  • Zuletzt bearbeitet 21.11.2024 04:09:02

When the F5 BIG-IP APM 13.0.0-13.1.1 or 12.1.0-12.1.3 renders certain pages (pages with a logon agent or a confirm box), the BIG-IP APM may disclose configuration information such as partition and agent names via URI parameters.

7.5

CVE-2018-5530

  • EPSS 0.75%
  • Veröffentlicht 25.07.2018 14:29:00
  • Zuletzt bearbeitet 21.11.2024 04:09:00

F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.1 virtual servers with HTTP/2 profiles enabled are vulnerable to "HPACK Bomb".

7.4

CVE-2018-5531

  • EPSS 0.18%
  • Veröffentlicht 25.07.2018 14:29:00
  • Zuletzt bearbeitet 21.11.2024 04:09:00

Through undisclosed methods, on F5 BIG-IP 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.2.1-11.5.6, adjacent network attackers can cause a denial of service for VCMP guest and host systems. Attack must be sourced from adjacent network (lay...

7.5

CVE-2018-5536

  • EPSS 1.15%
  • Veröffentlicht 25.07.2018 14:29:00
  • Zuletzt bearbeitet 21.11.2024 04:09:01

A remote attacker via undisclosed measures, may be able to exploit an F5 BIG-IP APM 13.0.0-13.1.0.7 or 12.1.0-12.1.3.5 virtual server configured with an APM per-request policy object and cause a memory leak in the APM module.

5.3

CVE-2018-5537

  • EPSS 0.69%
  • Veröffentlicht 25.07.2018 14:29:00
  • Zuletzt bearbeitet 21.11.2024 04:09:01

A remote attacker may be able to disrupt services on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 if the TMM virtual server is configured with a HTML or a Rewrite profile. TMM may restart while processing some special...

8.1

CVE-2018-5542

  • EPSS 0.79%
  • Veröffentlicht 25.07.2018 14:29:00
  • Zuletzt bearbeitet 21.11.2024 04:09:02

F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.6, or 11.2.1-11.6.3.2 HTTPS health monitors do not validate the identity of the monitored server.