RSS   Vulnerabilities for
'Traffix signaling delivery controller'
   RSS

2019-02-27
 
CVE-2019-1559

CWE-200
 

 
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).

 
2019-01-02
 
CVE-2018-20657

CWE-399
 

 
The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.

 
2018-12-09
 
CVE-2018-20002

CWE-399
 

 
The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.

 

 >>> Vendor: F5 60 Products
Big-ip
Icontrol service manager
Firepass 4100
Firepass 1000
Firepass
Firepass ssl vpn
Firepass 1200
Big-ip application security manager
Big-ip protocol security manager
Big-ip local traffic manager
Big-ip global traffic manager
Enterprise manager
Application security manager appliance
Big-ip access policy manager
Big-ip edge gateway
Big-ip link controller
Big-ip protocol security module
Big-ip wan optimization manager
Big-ip webaccelerator
Big-ip configuration utility
Big-ip analytics
Big-iq
Big-ip advanced firewall manager
Big-ip application acceleration manager
Big-ip policy enforcement manager
Arx data manager
ARX
Big-iq cloud
Big-iq device
Big-iq security
Linerate
Big-ip policy enforcement manager11.5.1
Big-iq adc
Big-ip enterprise manager
Big-ip domain name system
Big-ip global traffic manager11.2.0
Big-iq application delivery controller
Big-iq centralized management
Big-iq cloud and orchestration
Big-ip websafe
F5 iworkflow
Ssl intercept iapp
Ssl orchestrator
Big-ip aam
Big-ip afm
Big-ip apm
Big-ip asm
Big-ip ltm
Big-ip pem
Websafe
Big-ip dns
Big-ip fraud protection service
Traffix systems signaling delivery controller
Big-ip access policy manager client
TMOS
Traffix signaling delivery controller
Big-ip webaccelerator12.1.1
Traffix sdc
Websafe alert server
Iworkflow


Copyright 2019, cxsecurity.com

 

Back to Top