Vulnerability CVE-2016-7475


Published: 2018-10-08

Description:
Under some circumstances on BIG-IP 12.0.0-12.1.0, 11.6.0-11.6.1, or 11.4.0-11.5.4 HF1, the Traffic Management Microkernel (TMM) may not properly clean-up pool member network connections when using SPDY or HTTP/2 virtual server profiles.

Type:

CWE-20

(Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
F5 -> Big-ip access policy manager 
F5 -> Big-ip advanced firewall manager 
F5 -> Big-ip application acceleration manager 
F5 -> Big-ip application security manager 
F5 -> Big-ip link controller 
F5 -> Big-ip local traffic manager 
F5 -> Big-ip policy enforcement manager 
F5 -> Big-ip protocol security module 

 References:
https://support.f5.com/csp/article/K01587042

Copyright 2024, cxsecurity.com

 

Back to Top