{ "id": "CVE-2020-5933", "sourceIdentifier": "f5sirt@f5.com", "published": "2020-10-29T16:15:15.510", "lastModified": "2024-11-21T05:34:51.310", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "On versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, when a BIG-IP system that has a virtual server configured with an HTTP compression profile processes compressed HTTP message payloads that require deflation, a Slowloris-style attack can trigger an out-of-memory condition on the BIG-IP system." }, { "lang": "es", "value": "En las versiones 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1 y 11.6.1-11.6.5.1, cuando un sistema BIG-IP que contiene un servidor virtual configurado con un perfil de compresi\u00f3n HTTP procesa cargas \u00fatiles de mensajes HTTP comprimidos que requieren deflaci\u00f3n, un ataque de tipo Slowloris-style puede desencadenar una condici\u00f3n sin memoria en el sistema BIG-IP" } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "baseScore": 7.8, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "COMPLETE" }, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.1", "versionEndExcluding": "11.6.5.2", "matchCriteriaId": "BB236652-BD60-4FEF-9D59-8B49FB3A7655" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndExcluding": "12.1.5.2", "matchCriteriaId": "EE0532FA-7B7B-46B3-AB10-0920034A7E43" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.3.4", "matchCriteriaId": "CF3BAF12-9795-4C5A-81A5-EFCEB46630C3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndExcluding": "14.1.2.4", "matchCriteriaId": "471EEDFE-F399-4DA4-A229-F35570514346" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.1", "matchCriteriaId": "C0F7F86F-EB88-44C8-83A4-2FC48CF39B73" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.1", "versionEndExcluding": "11.6.5.2", "matchCriteriaId": "ADB2B518-F813-4B11-BBF5-0BFB2979A6B8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndExcluding": "12.1.5.2", "matchCriteriaId": "3B3DCE49-C37D-4951-AB57-7CDDEBA1C1E5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.3.4", "matchCriteriaId": "18AA373F-C5FE-42A4-AF3C-26F51F124A34" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndExcluding": "14.1.2.4", "matchCriteriaId": "3EB7CEBE-7EB5-48BD-89F5-DE3B20C0946A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.1", "matchCriteriaId": "60500DD5-0163-40B8-961B-64E1634B456F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.1", "versionEndExcluding": "11.6.5.2", "matchCriteriaId": "31E16A1B-E305-4390-976C-5F33A82EF396" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndExcluding": "12.1.5.2", "matchCriteriaId": "0C3E75CB-C764-4868-8459-1FAC03506EE8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.3.4", "matchCriteriaId": "87EDF992-832C-4A4D-8766-F3D7135E74CF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndExcluding": "14.1.2.4", "matchCriteriaId": "0239DD74-6914-4B1C-9DA4-8D8D799A9B58" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.1", "matchCriteriaId": "4B62CF9F-F861-4AA3-9B2C-EDDA465BA06A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.1", "versionEndExcluding": "11.6.5.2", "matchCriteriaId": "0FB118FB-2EFB-4F17-B6E1-FC4B46B9C265" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndExcluding": "12.1.5.2", "matchCriteriaId": "5D3F7911-FB00-4612-9109-9E7A407BC7B7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.3.4", "matchCriteriaId": "C86000FB-C74C-48E2-A4DE-8326805D5A1E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndExcluding": "14.1.2.4", "matchCriteriaId": "D36C6B19-D8ED-4E32-AEA1-D045F3B922DC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.1", "matchCriteriaId": "4770A77A-13EF-4E35-B006-48018F617FAA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.1", "versionEndExcluding": "11.6.5.2", "matchCriteriaId": "8999F566-9884-4CAA-BED7-8CF72F11E6F8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndExcluding": "12.1.5.2", "matchCriteriaId": "91BF72A9-EB50-4315-B956-5926967DCC46" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.3.4", "matchCriteriaId": "33F9B68F-5888-4099-BBC6-DD88343AC508" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndExcluding": "14.1.2.4", "matchCriteriaId": "5AAA2418-D5A0-44D9-B4C7-D55553D374C1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.1", "matchCriteriaId": "FDD7AFF9-61D8-4D1B-BAD6-F74AD0CD364E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.1", "versionEndExcluding": "11.6.5.2", "matchCriteriaId": "F997F6D8-D08D-4EB0-BEA7-288AEFD6F28C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndExcluding": "12.1.5.2", "matchCriteriaId": "73EC8EDA-669A-4750-934F-3B3FBF557080" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.3.4", "matchCriteriaId": "85FAFA26-3B92-4CAE-8DD6-0A26B49794A8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndExcluding": "14.1.2.4", "matchCriteriaId": "F10D272B-F8F8-4D67-B562-3B2AC9F30E52" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.1", "matchCriteriaId": "61441082-FDA0-485E-B945-E6216DCCED43" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.1", "versionEndExcluding": "11.6.5.2", "matchCriteriaId": "925DA0B2-7570-4819-845C-C35E5B168F80" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndExcluding": "12.1.5.2", "matchCriteriaId": "A0581EEF-98E6-4961-8178-BA2D7647F931" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.3.4", "matchCriteriaId": "A6B0B7F5-5F35-4D0B-84D9-F0C198632E41" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndExcluding": "14.1.2.4", "matchCriteriaId": "1A8809FF-F8DF-48E8-9885-CD0C2AD79024" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.1", "matchCriteriaId": "DAB5474D-11C7-4CA1-9386-8F12FD95CCB6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.1", "versionEndExcluding": "11.6.5.2", "matchCriteriaId": "A4A036A0-5E0C-4E64-B88D-D1B61257896E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndExcluding": "12.1.5.2", "matchCriteriaId": "32773569-67FE-4F08-A613-E507FCDEACEF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.3.4", "matchCriteriaId": "8E6EB084-C77A-4375-BB96-F961E7DBCAA2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndExcluding": "14.1.2.4", "matchCriteriaId": "3092DC8B-088E-45D2-BF0E-2E99C5395431" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.1", "matchCriteriaId": "B5F5C326-1BCE-47FC-A334-B485C755AAE6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.1", "versionEndExcluding": "11.6.5.2", "matchCriteriaId": "97AB336E-2A10-4508-9F20-DB54D628355F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndExcluding": "12.1.5.2", "matchCriteriaId": "4494F771-4026-478C-8004-B162653DC80C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.3.4", "matchCriteriaId": "37FEF755-ED1A-4F9C-B19F-3D136A07E1DA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndExcluding": "14.1.2.4", "matchCriteriaId": "F1D72DB2-91EA-4DBB-A68F-DC5127930755" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.1", "matchCriteriaId": "0E48624E-6D03-423A-9232-6847E4A0AAFB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.5.2", "versionEndExcluding": "11.6.5.2", "matchCriteriaId": "D9E075C4-18DD-4723-8B48-D0734169A1FA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndExcluding": "12.1.5.2", "matchCriteriaId": "A97489DC-A5DE-48AD-BBA2-F9078070F53A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.3.4", "matchCriteriaId": "A88C898D-79BE-430A-994F-61BE8E4D1E2F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndExcluding": "14.1.2.4", "matchCriteriaId": "C4B00FFF-D49D-4C1C-9416-F6E95049945C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.1", "matchCriteriaId": "FD2B708E-78D3-4016-9176-C364CBE20DA8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.1", "versionEndExcluding": "11.6.5.2", "matchCriteriaId": "78F7A30F-4455-420D-9254-E9910E16EC3F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndExcluding": "12.1.5.2", "matchCriteriaId": "1EDB944B-DF60-45AF-AD60-33E9667E0D12" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.3.4", "matchCriteriaId": "41E9F7D6-21EC-4893-A93C-E0E4661DC2FF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndExcluding": "14.1.2.4", "matchCriteriaId": "DD3A8B31-C29E-4F5C-A95E-DB3F88E83A6D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.1", "matchCriteriaId": "240E6558-C486-4FEB-A7AC-CCB3692D4331" } ] } ] } ], "references": [ { "url": "https://support.f5.com/csp/article/K26244025", "source": "f5sirt@f5.com", "tags": [ "Vendor Advisory" ] }, { "url": "https://support.f5.com/csp/article/K26244025", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] } ] }