In BIG-IP versions 17.0.x before 17.0.0.2, and 16.1.x beginning in 16.1.2.2 to before 16.1.3.3, when an HTTP profile is configured on a virtual server and conditions beyond the attacker’s control exist on the target pool member, undisclosed requests sent to the BIG-IP system can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
2023-02-01T18:15:10.820
2024-11-21T07:44:29.253
Modified
CVSSv3.1: 5.9 (MEDIUM)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | f5 | big-ip_access_policy_manager | < 16.1.3.3 | Yes |
| Application | f5 | big-ip_access_policy_manager | < 17.0.0.2 | Yes |
| Application | f5 | big-ip_advanced_firewall_manager | < 16.1.3.3 | Yes |
| Application | f5 | big-ip_advanced_firewall_manager | < 17.0.0.2 | Yes |
| Application | f5 | big-ip_analytics | < 16.1.3.3 | Yes |
| Application | f5 | big-ip_analytics | < 17.0.0.2 | Yes |
| Application | f5 | big-ip_application_acceleration_manager | < 16.1.3.3 | Yes |
| Application | f5 | big-ip_application_acceleration_manager | < 17.0.0.2 | Yes |
| Application | f5 | big-ip_application_security_manager | < 16.1.3.3 | Yes |
| Application | f5 | big-ip_application_security_manager | < 17.0.0.2 | Yes |
| Application | f5 | big-ip_ddos_hybrid_defender | < 16.1.3.3 | Yes |
| Application | f5 | big-ip_ddos_hybrid_defender | < 17.0.0.2 | Yes |
| Application | f5 | big-ip_domain_name_system | < 16.1.3.3 | Yes |
| Application | f5 | big-ip_domain_name_system | < 17.0.0.2 | Yes |
| Application | f5 | big-ip_fraud_protection_service | < 16.1.3.3 | Yes |
| Application | f5 | big-ip_fraud_protection_service | < 17.0.0.2 | Yes |
| Application | f5 | big-ip_link_controller | < 16.1.3.3 | Yes |
| Application | f5 | big-ip_link_controller | < 17.0.0.2 | Yes |
| Application | f5 | big-ip_local_traffic_manager | < 16.1.3.3 | Yes |
| Application | f5 | big-ip_local_traffic_manager | < 17.0.0.2 | Yes |
| Application | f5 | big-ip_policy_enforcement_manager | < 16.1.3.3 | Yes |
| Application | f5 | big-ip_policy_enforcement_manager | < 17.0.0.2 | Yes |
| Application | f5 | big-ip_ssl_orchestrator | < 16.1.3.3 | Yes |
| Application | f5 | big-ip_ssl_orchestrator | < 17.0.0.2 | Yes |