F5

Big-ip Application Security Manager

492 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2018-13405

Exploit
  • EPSS 0.15%
  • Published 06.07.2018 14:29:01
  • Last modified 21.11.2024 03:47:02

The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a memb...

7.8

CVE-2018-5527

  • EPSS 0.97%
  • Published 27.06.2018 20:29:05
  • Last modified 21.11.2024 04:09:00

On BIG-IP 13.1.0-13.1.0.7, a remote attacker using undisclosed methods against virtual servers configured with a Client SSL or Server SSL profile that has the SSL Forward Proxy feature enabled can force the Traffic Management Microkernel (tmm) to lea...

5.3

CVE-2017-6153

  • EPSS 0.6%
  • Published 01.06.2018 14:29:00
  • Last modified 21.11.2024 03:29:09

Features in F5 BIG-IP 13.0.0-13.1.0.3, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 system that utilizes inflate functionality directly, via an iRule, or via the inflate code from PEM module are subjected to a service disruption via a "...

7.5

CVE-2018-5513

  • EPSS 0.75%
  • Published 01.06.2018 14:29:00
  • Last modified 21.11.2024 04:08:57

On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, a malformed TLS handshake causes TMM to crash leading to a disruption of service. This issue is only exposed on the data plane when Proxy SSL configurat...

6.1

CVE-2018-5521

  • EPSS 0.35%
  • Published 01.06.2018 14:29:00
  • Last modified 21.11.2024 04:08:59

On F5 BIG-IP 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, carefully crafted URLs can be used to reflect arbitrary content into GeoIP lookup responses, potentially exposing clients to XSS.

5.9

CVE-2018-5522

  • EPSS 0.68%
  • Published 01.06.2018 14:29:00
  • Last modified 21.11.2024 04:08:59

On F5 BIG-IP 13.0.0, 12.0.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, when processing DIAMETER transactions with carefully crafted attribute-value pairs, TMM may crash.

7.2

CVE-2018-5523

  • EPSS 0.42%
  • Published 01.06.2018 14:29:00
  • Last modified 21.11.2024 04:08:59

On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 and Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as t...

5.3

CVE-2018-5524

  • EPSS 0.6%
  • Published 01.06.2018 14:29:00
  • Last modified 21.11.2024 04:08:59

Under certain conditions, on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.6.1 HF2-11.6.3.1, virtual servers configured with Client SSL or Server SSL profiles which make use of network hardware security module (HSM) functionality are exposed and ...

4.3

CVE-2018-5525

  • EPSS 0.16%
  • Published 01.06.2018 14:29:00
  • Last modified 21.11.2024 04:08:59

A local file vulnerability exists in the F5 BIG-IP Configuration utility on versions 13.0.0, 12.1.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 that exposes files containing F5-provided data only and do not include any configuration data, proxi...

6.5

CVE-2018-5526

  • EPSS 1.24%
  • Published 01.06.2018 14:29:00
  • Last modified 21.11.2024 04:08:59

Under certain conditions, on F5 BIG-IP ASM 13.1.0-13.1.0.5, Behavioral DOS (BADOS) protection may fail during an attack.