Merge branch 'cna/f5/20171019'

CVE Team 2017-10-20 10:08:09 -04:00
commit 2ba5841d12
No known key found for this signature in database
GPG Key ID: 3504EC0FB4B2FE56
4 changed files with 193 additions and 12 deletions


@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "f5sirt@f5.com",
"DATE_PUBLIC" : "2017-07-12T00:00:00",
"ID" : "CVE-2017-6141",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, WebSafe",
"version" : {
"version_data" : [
{
"version_value" : "12.1.0 through 12.1.2"
}
]
}
}
]
},
"vendor_name" : "F5 Networks, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Certain values in a TLS abbreviated handshake when using a client SSL profile with the Session Ticket option enabled may cause disruption of service to the Traffic Management Microkernel (TMM). The Session Ticket option is disabled by default."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "TLS abbreviated handshake vulnerability"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://support.f5.com/csp/article/K21154730"
}
]
}
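Review bot: The added `product_name` packs eight BIG-IP modules into one comma-separated string (`"F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, WebSafe"`), so a consumer matching on product name has to parse free text to tell whether a given module is affected. The CVE-2017-6145 and CVE-2017-6165 sections do the same. One `product_data` entry per module, each with its own `version_data`, would keep the record machine-matchable. The problemtype `"TLS abbreviated handshake vulnerability"` also names the trigger but not the impact stated in the description; something like `"value" : "Denial of service via TLS abbreviated handshake"` would be clearer for triage.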


@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "f5sirt@f5.com",
"DATE_PUBLIC" : "2017-07-12T00:00:00",
"ID" : "CVE-2017-6144",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "F5 BIG-IP PEM",
"version" : {
"version_data" : [
{
"version_value" : "12.1.0 through 12.1.2"
}
]
}
}
]
},
"vendor_name" : "F5 Networks, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "When downloading the Type Allocation Code (TAC) database file via HTTPS, the server's certificate is not verified. Attackers in a privileged network position may be able to launch a man-in-the-middle attack against these connections. TAC databases are used in BIG-IP PEM for Device Type and OS (DTOS) and Tethering detection. Customers not using BIG-IP PEM, not configuring downloads of TAC database files, or not using HTTP for that download are not affected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Certificate verification vulnerability"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://support.f5.com/csp/article/K81601350"
}
]
}
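Review bot: The last sentence of the new description says customers "not using HTTP for that download" are not affected, while the first sentence places the flaw in downloads "via HTTPS". This looks like a typo for HTTPS, and as written it tells the HTTPS users the issue is about that they are unaffected. If F5 article K81601350 confirms it, the clause should read `or not using HTTPS for that download are not affected`. The problemtype could also carry the standard class name, e.g. `"value" : "CWE-295: Improper Certificate Validation"`, instead of the free-text label.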


@ -1,8 +1,35 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "f5sirt@f5.com",
"DATE_PUBLIC" : "2017-07-12T00:00:00",
"ID" : "CVE-2017-6145",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, WebSafe",
"version" : {
"version_data" : [
{
"version_value" : "12.0.0 through 12.1.2"
},
{
"version_value" : "13.0.0"
}
]
}
}
]
},
"vendor_name" : "F5 Networks, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +38,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "iControl REST includes a service to convert authorization BIGIPAuthCookie cookies to X-F5-Auth-Token tokens. This service does not properly re-validate cookies when making that conversion, allowing once-valid but now expired cookies to be converted to valid tokens."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cookie verification vulnerability"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://support.f5.com/csp/article/K22317030"
}
]
}
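Review bot: The problemtype `"Cookie verification vulnerability"` is vaguer than the description, which states that once-valid but expired BIGIPAuthCookie cookies are still converted into valid X-F5-Auth-Token tokens. Naming the weakness class would help triage and detection work, for example `"value" : "CWE-613: Insufficient Session Expiration"`. That mapping is my reading of the description and should be confirmed against K22317030.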


@ -1,8 +1,38 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "f5sirt@f5.com",
"DATE_PUBLIC" : "2017-10-19T00:00:00",
"ID" : "CVE-2017-6165",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe",
"version" : {
"version_data" : [
{
"version_value" : "12.0.0 through 12.1.2"
},
{
"version_value" : "11.6.0 through 11.6.1 HF1"
},
{
"version_value" : "11.5.1 HF6 through 11.5.4 HF4"
}
]
}
}
]
},
"vendor_name" : "F5 Networks, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +41,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "On VIPRION platforms only, the script which synchronizes SafeNet External Network HSM configuration elements between blades in a clustered deployment will log the HSM partition password in cleartext to the \"/var/log/ltm\" log file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information leakage via logfile"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://support.f5.com/csp/article/K74759095"
}
]
}
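Review bot: The description says the HSM partition password is written in cleartext to /var/log/ltm, but it gives no indication that entries already written stay in that log, and in any rotated or forwarded copies, after a fixed version is installed. If K74759095 supports it, a closing sentence such as `Passwords already logged remain in existing log files and should be treated as exposed.` would give operators the follow-up action. The problemtype could use the standard name, e.g. `"value" : "CWE-532: Insertion of Sensitive Information into Log File"`.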