admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Added submissions from F5 from 2017-10-26.

Browse Source
This commit is contained in:
CVE Team 2017-10-27 09:08:02 -04:00
parent c5664ea492
commit 754c9f478d
No known key found for this signature in database
GPG Key ID: 3504EC0FB4B2FE56
7 changed files with 409 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
2017/0xxx/CVE-2017-0303.json
View File

@ -1,8 +1,38 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "f5sirt@f5.com",
"DATE_PUBLIC" : "2017-10-26T00:00:00",
"ID" : "CVE-2017-0303",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, Websafe",
"version" : {
"version_data" : [
{
"version_value" : "13.0.0"
},
{
"version_value" : "12.0.0 - 12.1.2"
},
{
"version_value" : "11.5.1 - 11.6.1"
}
]
}
}
]
},
"vendor_name" : "F5 Networks, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +41,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2 and 11.5.1 to 11.6.1, under limited circumstances connections handled by a Virtual Server with an associated SOCKS profile may not be properly cleaned up, potentially leading to resource starvation. Connections may be left in the connection table which then can only be removed by restarting TMM. Over time this may lead to the BIG-IP being unable to process further connections."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "denial of service"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://support.f5.com/csp/article/K30201296"
}
]
}

55
2017/6xxx/CVE-2017-6157.json
View File

@ -1,8 +1,38 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "f5sirt@f5.com",
"DATE_PUBLIC" : "2017-10-26T00:00:00",
"ID" : "CVE-2017-6157",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, Websafe",
"version" : {
"version_data" : [
{
"version_value" : "12.0.0 - 12.1.1"
},
{
"version_value" : "11.6.0 - 11.6.1"
},
{
"version_value" : "11.5.0 - 11.5.4"
}
]
}
}
]
},
"vendor_name" : "F5 Networks, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +41,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.5.0 - 11.5.4, virtual servers with a configuration using the HTTP Explicit Proxy functionality and/or SOCKS profile are vulnerable to an unauthenticated, remote attack that allows modification of BIG-IP system configuration, extraction of sensitive system files, and/or possible remote command execution on the BIG-IP system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "remote command-execution"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://support.f5.com/csp/article/K02692210"
}
]
}

58
2017/6xxx/CVE-2017-6159.json
View File

@ -1,8 +1,41 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "f5sirt@f5.com",
"DATE_PUBLIC" : "2017-10-26T00:00:00",
"ID" : "CVE-2017-6159",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, Websafe",
"version" : {
"version_data" : [
{
"version_value" : "12.0.0 - 12.1.2"
},
{
"version_value" : "11.6.0 &#xe2"
},
{
"version_value" : "&#x80"
},
{
"version_value" : "\" 11.6.1"
}
]
}
}
]
},
"vendor_name" : "F5 Networks, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +44,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, Websafe software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 are vulnerable to a denial of service attack when the MPTCP option is enabled on a virtual server. Data plane is vulnerable when using the MPTCP option of a TCP profile. There is no control plane exposure. An attacker may be able to disrupt services by causing TMM to restart hence temporarily failing to process traffic."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "denial of service"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://support.f5.com/csp/article/K10002335"
}
]
}

55
2017/6xxx/CVE-2017-6160.json
View File

@ -1,8 +1,38 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "f5sirt@f5.com",
"DATE_PUBLIC" : "2017-10-26T00:00:00",
"ID" : "CVE-2017-6160",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "BIG-IP AAM, PEM",
"version" : {
"version_data" : [
{
"version_value" : "12.0.0 - 12.1.1"
},
{
"version_value" : "11.6.0 - 11.6.1"
},
{
"version_value" : "11.4.1 - 11.5.4"
}
]
}
}
]
},
"vendor_name" : "F5 Networks, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +41,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "In BIG-IP AAM and PEM software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.4.1 to 11.5.4, a remote attacker may create maliciously crafted HTTP request to cause Traffic Management Microkernel (TMM) to restart and temporarily fail to process traffic. This issue is exposed on virtual servers using a Policy Enforcement profile or a Web Acceleration profile. Systems that do not have BIG-IP AAM module provisioned are not vulnerable. The Traffic Management Microkernel (TMM) may restart and temporarily fail to process traffic. Systems that do not have BIG-IP AAM or PEM module provisioned are not vulnerable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "denial of service"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://support.f5.com/csp/article/K19430431"
}
]
}

70
2017/6xxx/CVE-2017-6161.json
View File

@ -1,8 +1,53 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "f5sirt@f5.com",
"DATE_PUBLIC" : "2017-10-26T00:00:00",
"ID" : "CVE-2017-6161",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator",
"version" : {
"version_data" : [
{
"version_value" : "12.0.0 - 12.1.2"
},
{
"version_value" : "11.6.0 &#xe2"
},
{
"version_value" : "&#x80"
},
{
"version_value" : "\" 11.6.1"
},
{
"version_value" : "11.4.0 &#xe2"
},
{
"version_value" : "&#x80"
},
{
"version_value" : "\" 11.5.4"
},
{
"version_value" : "11.2.1"
}
]
}
}
]
},
"vendor_name" : "F5 Networks, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +56,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator software version 12.0.0 - 12.1.2, 11.6.0 â€\" 11.6.1, 11.4.0 â€\" 11.5.4, 11.2.1, when ConfigSync is configured, attackers on adjacent networks may be able to bypass the TLS protections usually used to encrypted and authenticate connections to mcpd. This vulnerability may allow remote attackers to cause a denial-of-service (DoS) attack via resource exhaustion."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "denial of service"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://support.f5.com/csp/article/K62279530"
}
]
}

70
2017/6xxx/CVE-2017-6162.json
View File

@ -1,8 +1,53 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "f5sirt@f5.com",
"DATE_PUBLIC" : "2017-10-26T00:00:00",
"ID" : "CVE-2017-6162",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, Websafe",
"version" : {
"version_data" : [
{
"version_value" : "12.0.0 - 12.1.2"
},
{
"version_value" : "11.6.0 &#xe2"
},
{
"version_value" : "&#x80"
},
{
"version_value" : "\" 11.6.1"
},
{
"version_value" : "11.4.0 &#xe2"
},
{
"version_value" : "&#x80"
},
{
"version_value" : "\" 11.5.4"
},
{
"version_value" : "11.2.1"
}
]
}
}
]
},
"vendor_name" : "F5 Networks, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +56,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, Websafe software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, 11.2.1, in some cases TMM may crash when processing TCP traffic. This vulnerability affects TMM via a virtual server configured with TCP profile. Traffic processing is disrupted while Traffic Management Microkernel (TMM) restarts. If the affected BIG-IP system is configured to be part of a device group, it will trigger a failover to the peer device."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "denial of service"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://support.f5.com/csp/article/K13421245"
}
]
}

67
2017/6xxx/CVE-2017-6163.json
View File

@ -1,8 +1,50 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "f5sirt@f5.com",
"DATE_PUBLIC" : "2017-10-26T00:00:00",
"ID" : "CVE-2017-6163",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM",
"version" : {
"version_data" : [
{
"version_value" : "12.0.0 - 12.1.2"
},
{
"version_value" : "11.6.0 &#xe2"
},
{
"version_value" : "&#x80"
},
{
"version_value" : "\" 11.6.1"
},
{
"version_value" : "11.4.0 &#xe2"
},
{
"version_value" : "&#x80"
},
{
"version_value" : "\" 11.5.4"
}
]
}
}
]
},
"vendor_name" : "F5 Networks, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +53,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "In BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, when a virtual server uses the standard configuration of HTTP/2 or SPDY profile with ClientSSL profile, and the client initiates a number of concurrent streams beyond the advertised limit can cause a disruption of service. Remote client initiating stream beyond the advertised limit can cause a disruption of service. The Traffic Management Microkernel (TMM) data plane is exposed to this issue; the control plane is not exposed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "denial of service"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://support.f5.com/csp/article/K22541983"
}
]
}