F5

Big-ip Advanced Web Application Firewall

189 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.96%
  • Veröffentlicht 14.09.2021 13:15:11
  • Zuletzt bearbeitet 21.11.2024 05:51:13

On BIG-IP version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3, when the iRules RESOLVER::summarize command is used on a virtual server, undisclosed requests can cause an increase in Traffic Management Microkernel (TMM) memory utilization resultin...

  • EPSS 0.47%
  • Veröffentlicht 14.09.2021 13:15:11
  • Zuletzt bearbeitet 21.11.2024 05:51:13

On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3 and NGINX App Protect on all versions before 3.5.0, when a cross-site request forgery (CSRF)-enabled policy is configured on a virtual server, an undisclose...

  • EPSS 0.96%
  • Veröffentlicht 14.09.2021 13:15:11
  • Zuletzt bearbeitet 21.11.2024 05:51:13

On BIG-IP versions 15.1.0.4 through 15.1.3, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP on Amazon Web Services (AWS) systems, undisclosed requests can cause the Traffic Management Microkernel (T...

  • EPSS 0.92%
  • Veröffentlicht 14.09.2021 13:15:11
  • Zuletzt bearbeitet 21.11.2024 05:51:13

On version 15.1.x before 15.1.3, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6, when the brute force protection feature of BIG-IP Advanced WAF or BIG-IP ASM is enabled on a virtual server and the virtual server is under brute force attack, the M...

  • EPSS 0.96%
  • Veröffentlicht 14.09.2021 13:15:10
  • Zuletzt bearbeitet 21.11.2024 05:51:13

On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x, when GPRS Tunneling Protocol (GTP) iRules commands or a GTP profile is configured on a virtual se...

  • EPSS 0.99%
  • Veröffentlicht 10.05.2021 15:15:07
  • Zuletzt bearbeitet 21.11.2024 05:51:08

On BIG-IP version 16.0.x before 16.0.1.1 and 15.1.x before 15.1.3, malformed HTTP/2 requests may cause an infinite loop which causes a Denial of Service for Data Plane traffic. TMM takes the configured HA action when the TMM process is aborted. There...

  • EPSS 0.27%
  • Veröffentlicht 10.05.2021 15:15:07
  • Zuletzt bearbeitet 21.11.2024 05:51:08

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, and 13.1.x before 13.1.4, lack of input validation for items used in the system support functionality may allow users granted either "Resource Administrator" or "A...

  • EPSS 0.8%
  • Veröffentlicht 10.05.2021 15:15:07
  • Zuletzt bearbeitet 21.11.2024 05:51:09

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, and 14.1.x before 14.1.4, BIG-IP Advanced WAF and ASM are missing authorization checks for file uploads to a specific directory within the REST API which might allow Authenticated users with g...

  • EPSS 1.34%
  • Veröffentlicht 10.05.2021 15:15:07
  • Zuletzt bearbeitet 21.11.2024 05:51:09

On BIG-IP 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.0.8 through 13.1.3.6, and all versions of 16.0.x, when running in Appliance Mode, an authenticated user assigned the 'Administrator' role may be able to bypass Appliance Mode restrictions u...

  • EPSS 0.96%
  • Veröffentlicht 10.05.2021 14:15:07
  • Zuletzt bearbeitet 21.11.2024 05:51:08

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and 11.6.x before 11.6.5.3, when the BIG-IP system is buffering packet fragments for reassembly, the Traffic Management Microk...