Vulnerabilities for Traffix signaling delivery controller (...) - CXSECURITY.COM

Vulnerabilities for
'Traffix signaling delivery controller'

2022-05-05

CVE-2022-27662

CWE-1336

On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Template Injection vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute template language-specific instructions in the context of the server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVE-2022-27880

CWE-79

On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

2019-02-27

CVE-2019-1559

CWE-200

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).

2019-01-02

CVE-2018-20657

CWE-772

The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.

2018-12-09

CVE-2018-20002

CWE-772

The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.

>>> Vendor: F5 76 Products

Icontrol service manager

Enterprise manager

Firepass ssl vpn

Big-ip application security manager

Big-ip protocol security manager

Big-ip local traffic manager

Big-ip global traffic manager

Application security manager appliance

Big-ip access policy manager

Big-ip edge gateway

Big-ip link controller

Big-ip protocol security module

Big-ip wan optimization manager

Big-ip webaccelerator

Big-ip configuration utility

Big-ip analytics

Big-ip advanced firewall manager

Big-ip application acceleration manager

Big-ip policy enforcement manager

Arx data manager

Big-iq security

Big-ip policy enforcement manager11.5.1

Big-ip enterprise manager

Big-ip domain name system

Big-ip global traffic manager11.2.0

Big-iq application delivery controller

Big-iq centralized management

Big-iq cloud and orchestration

Ssl intercept iapp

Ssl orchestrator

Big-ip fraud protection service

Traffix systems signaling delivery controller

Big-ip access policy manager client

Traffix signaling delivery controller

Big-ip webaccelerator12.1.1

Websafe alert server

Container ingress service

Big-ip controller

Nginx controller

Big-ip advanced web application firewall

Big-ip ddos hybrid defender

Big-ip ssl orchestrator

Big-ip carrier-grade nat

Access policy manager clients

Nginx modsecurity waf

Nginx controller api management

Access for android

Nginx service mesh

Big-ip guided configuration

Copyright 2024, cxsecurity.com