F5

Big-ip Websafe

96 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2019-6629

  • EPSS 0.7%
  • Published 03.07.2019 18:15:10
  • Last modified 21.11.2024 04:46:50

On BIG-IP 14.1.0-14.1.0.5, undisclosed SSL traffic to a virtual server configured with a Client SSL profile may cause TMM to fail and restart. The Client SSL profile must have session tickets enabled and use DHE cipher suites to be affected. This onl...

6.1

CVE-2019-6625

  • EPSS 0.35%
  • Published 03.07.2019 18:15:10
  • Last modified 21.11.2024 04:46:49

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.4, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI) also known as the...

4.9

CVE-2019-6615

  • EPSS 0.27%
  • Published 03.05.2019 20:29:01
  • Last modified 21.11.2024 04:46:48

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, Administrator and Resource Administrator roles might exploit TMSH access to bypass Appliance Mode restrictions on BIG-IP systems.

5.3

CVE-2018-5537

  • EPSS 0.69%
  • Published 25.07.2018 14:29:00
  • Last modified 21.11.2024 04:09:01

A remote attacker may be able to disrupt services on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 if the TMM virtual server is configured with a HTML or a Rewrite profile. TMM may restart while processing some special...

7.5

CVE-2018-5530

  • EPSS 0.75%
  • Published 25.07.2018 14:29:00
  • Last modified 21.11.2024 04:09:00

F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.1 virtual servers with HTTP/2 profiles enabled are vulnerable to "HPACK Bomb".

7.8

CVE-2018-5527

  • EPSS 0.97%
  • Published 27.06.2018 20:29:05
  • Last modified 21.11.2024 04:09:00

On BIG-IP 13.1.0-13.1.0.7, a remote attacker using undisclosed methods against virtual servers configured with a Client SSL or Server SSL profile that has the SSL Forward Proxy feature enabled can force the Traffic Management Microkernel (tmm) to lea...

5.9

CVE-2018-5522

  • EPSS 0.68%
  • Published 01.06.2018 14:29:00
  • Last modified 21.11.2024 04:08:59

On F5 BIG-IP 13.0.0, 12.0.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, when processing DIAMETER transactions with carefully crafted attribute-value pairs, TMM may crash.

6.1

CVE-2018-5521

  • EPSS 0.35%
  • Published 01.06.2018 14:29:00
  • Last modified 21.11.2024 04:08:59

On F5 BIG-IP 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, carefully crafted URLs can be used to reflect arbitrary content into GeoIP lookup responses, potentially exposing clients to XSS.

7.5

CVE-2018-5513

  • EPSS 0.75%
  • Published 01.06.2018 14:29:00
  • Last modified 21.11.2024 04:08:57

On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, a malformed TLS handshake causes TMM to crash leading to a disruption of service. This issue is only exposed on the data plane when Proxy SSL configurat...

7.8

CVE-2018-5512

  • EPSS 2.23%
  • Published 02.05.2018 13:29:00
  • Last modified 21.11.2024 04:08:57

On F5 BIG-IP 13.1.0-13.1.0.5, when Large Receive Offload (LRO) and SYN cookies are enabled (default settings), undisclosed traffic patterns may cause TMM to restart.