mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 17:21:36 +00:00
469 lines
17 KiB
JSON
469 lines
17 KiB
JSON
{
|
|
"id": "CVE-2018-5537",
|
|
"sourceIdentifier": "f5sirt@f5.com",
|
|
"published": "2018-07-25T14:29:00.337",
|
|
"lastModified": "2018-09-19T17:53:09.573",
|
|
"vulnStatus": "Analyzed",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "A remote attacker may be able to disrupt services on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 if the TMM virtual server is configured with a HTML or a Rewrite profile. TMM may restart while processing some specially prepared HTML content from the back end."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Un atacante remoto podr\u00eda ser capaz de interrumpir los servicios en F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1 o 11.2.1-11.5.6 si el servidor virtual TMM est\u00e1 configurado con un perfil HTML o Rewrite. TMM podr\u00eda reiniciarse al procesar contenido HTML preparado del back end."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV30": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.0",
|
|
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "HIGH",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "REQUIRED",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 5.3,
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
"exploitabilityScore": 1.6,
|
|
"impactScore": 3.6
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "HIGH",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "PARTIAL",
|
|
"baseScore": 2.6
|
|
},
|
|
"baseSeverity": "LOW",
|
|
"exploitabilityScore": 4.9,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": true
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-20"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "11.2.1",
|
|
"versionEndIncluding": "11.5.6",
|
|
"matchCriteriaId": "C0740491-CFC6-4D53-A39F-3244710282D0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "11.6.0",
|
|
"versionEndIncluding": "11.6.3.1",
|
|
"matchCriteriaId": "0329D778-511D-4AA4-BD93-4440A43A39F1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "12.1.0",
|
|
"versionEndIncluding": "12.1.3.5",
|
|
"matchCriteriaId": "D746D9C6-28DE-4170-9F08-16C58F160752"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "13.0.0",
|
|
"versionEndIncluding": "13.1.0.5",
|
|
"matchCriteriaId": "192F21B2-E1A4-4247-908C-3E3E57465E5F"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "11.2.1",
|
|
"versionEndIncluding": "11.5.6",
|
|
"matchCriteriaId": "C47559FB-EC85-4A3A-B967-0BD37934B33D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "11.6.0",
|
|
"versionEndIncluding": "11.6.3.1",
|
|
"matchCriteriaId": "16DC6150-D461-421F-848A-6FE723B428F8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "12.1.0",
|
|
"versionEndIncluding": "12.1.3.5",
|
|
"matchCriteriaId": "17F63A24-36A9-4C90-B73B-131A5658C4C1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "13.0.0",
|
|
"versionEndIncluding": "13.1.0.5",
|
|
"matchCriteriaId": "F8569162-AB86-4470-A1E9-68C13E939504"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "11.2.1",
|
|
"versionEndIncluding": "11.5.6",
|
|
"matchCriteriaId": "88880F08-386C-4BC3-952D-DD1665D8B1EB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "11.6.0",
|
|
"versionEndIncluding": "11.6.3.1",
|
|
"matchCriteriaId": "F69377CD-D4A6-4523-8975-327C4D95E7A5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "12.1.0",
|
|
"versionEndIncluding": "12.1.2",
|
|
"matchCriteriaId": "F3C3362F-1251-4E7B-B8CB-BBE7344A915E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "13.0.0",
|
|
"versionEndIncluding": "13.1.0.5",
|
|
"matchCriteriaId": "D75A996F-6F86-4E73-9566-DB4AD574A363"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "11.2.1",
|
|
"versionEndIncluding": "11.5.6",
|
|
"matchCriteriaId": "D1C0F266-7321-4BBC-B5C6-8D25DCC1715F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "11.6.0",
|
|
"versionEndIncluding": "11.6.3.1",
|
|
"matchCriteriaId": "932E1FB1-D9BA-4DBD-8EEF-00A97B8D22D8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "12.1.0",
|
|
"versionEndIncluding": "12.1.3.5",
|
|
"matchCriteriaId": "8A537300-3211-4136-89C7-B99AD4F13B8C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "13.0.0",
|
|
"versionEndIncluding": "13.1.0.5",
|
|
"matchCriteriaId": "547BE655-AAFE-4A65-B4EC-0E8497F5985E"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "10.1.0",
|
|
"versionEndIncluding": "11.5.6",
|
|
"matchCriteriaId": "524FE953-8052-4BD7-8DCA-83591D4159C8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "11.6.0",
|
|
"versionEndIncluding": "11.6.3.1",
|
|
"matchCriteriaId": "B487CBD2-1615-47DF-8C3B-A3B7E7DAB73A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "12.1.0",
|
|
"versionEndIncluding": "12.1.3.5",
|
|
"matchCriteriaId": "2F3FB133-5CC6-48EA-9A13-A29FAD93AC74"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "13.0.0",
|
|
"versionEndIncluding": "13.1.0.5",
|
|
"matchCriteriaId": "05B0462C-2A3E-4135-9CDC-90BBDF63A970"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "11.2.1",
|
|
"versionEndIncluding": "11.5.6",
|
|
"matchCriteriaId": "55366FD7-D7BA-4D36-AC5D-1B822940842F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "11.6.0",
|
|
"versionEndIncluding": "11.6.3.1",
|
|
"matchCriteriaId": "04581A2D-4544-4F4F-9547-39B0A8A47998"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "12.1.0",
|
|
"versionEndIncluding": "12.1.3.5",
|
|
"matchCriteriaId": "FC818DB1-C85A-47A3-ABE2-0FFCD7AC3E40"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "13.0.0",
|
|
"versionEndIncluding": "13.1.0.5",
|
|
"matchCriteriaId": "1E5E90FA-C6B1-4A8E-AD67-F09B8A2AF3EA"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "11.2.1",
|
|
"versionEndIncluding": "11.5.6",
|
|
"matchCriteriaId": "2FC80682-E373-4508-A297-EA19BF62BABA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "11.6.0",
|
|
"versionEndIncluding": "11.6.3.1",
|
|
"matchCriteriaId": "EC942249-E5D9-4CB1-A6D4-40333C20F561"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "12.1.0",
|
|
"versionEndIncluding": "12.1.3.5",
|
|
"matchCriteriaId": "2E5B875A-ACFE-4C98-B6C4-5A6262C09E23"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "13.0.0",
|
|
"versionEndIncluding": "13.1.0.5",
|
|
"matchCriteriaId": "97D0ABF9-F32B-43F5-B2BC-AEF9B769E400"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "11.2.1",
|
|
"versionEndIncluding": "11.5.6",
|
|
"matchCriteriaId": "B885F0E9-8019-4053-AAAA-2C136D55FB71"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "11.6.0",
|
|
"versionEndIncluding": "11.6.3.1",
|
|
"matchCriteriaId": "A05B0169-F660-4515-8E13-625CE1ECEA8A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "12.1.0",
|
|
"versionEndIncluding": "12.1.3.5",
|
|
"matchCriteriaId": "56181224-56D4-43BE-A296-52DF599A2BD5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "13.0.0",
|
|
"versionEndIncluding": "13.1.0.5",
|
|
"matchCriteriaId": "D92C4D12-184C-4FC3-96E1-338ACB75CB58"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "11.2.1",
|
|
"versionEndIncluding": "11.5.6",
|
|
"matchCriteriaId": "D655B3FF-5173-4850-B94C-B864E2115D95"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "11.6.0",
|
|
"versionEndIncluding": "11.6.3.1",
|
|
"matchCriteriaId": "10ADA02D-A399-4A9A-B2C7-95D9FC2D3DC3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "12.1.0",
|
|
"versionEndIncluding": "12.1.3.5",
|
|
"matchCriteriaId": "6355263D-8407-466D-BB71-CB6316EDC668"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "13.0.0",
|
|
"versionEndIncluding": "13.1.0.5",
|
|
"matchCriteriaId": "EC5EC07C-24C1-42DF-865C-C386D6E52D3E"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "11.2.1",
|
|
"versionEndIncluding": "11.5.6",
|
|
"matchCriteriaId": "B854743A-3A6F-447D-96D0-FB020634487E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "11.6.1",
|
|
"versionEndIncluding": "11.6.3.1",
|
|
"matchCriteriaId": "58D79BDF-47EA-4066-8C59-AD84A8832B9F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "12.1.0",
|
|
"versionEndIncluding": "12.1.3.5",
|
|
"matchCriteriaId": "FBAB329D-E0E7-4B96-B5EE-FF11A4C8B6D7"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "13.0.0",
|
|
"versionEndIncluding": "13.1.0.5",
|
|
"matchCriteriaId": "08D72512-5D03-4A57-B3B8-BFB438630084"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://support.f5.com/csp/article/K94105051",
|
|
"source": "f5sirt@f5.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |