PT-2017-9196 · F5 · Psm+9
Publicado
2017-05-11
·
Atualizado
2019-06-06
·
CVE-2016-7476
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
F5 BIG-IP LTM, AAM, AFM, APM, ASM, GTM, Link Controller, PEM, PSM, and WebSafe versions 11.3.0 through 11.4.1 HF9
F5 BIG-IP LTM, AAM, AFM, APM, ASM, GTM, Link Controller, PEM, PSM, and WebSafe versions 11.5.0 through 11.5.3 HF1
F5 BIG-IP LTM, AAM, AFM, APM, ASM, GTM, Link Controller, PEM, PSM, and WebSafe versions 11.6.0 through 11.6.0 HF5
Description
The issue is related to a memory leak in the Traffic Management Microkernel (TMM) when handling certain types of TCP traffic. This can be exploited by remote attackers to cause a denial of service (DoS) using a crafted TCP packet.
Recommendations
For versions 11.3.0 through 11.4.1 HF9, update to version 11.4.1 HF10 or later.
For versions 11.5.0 through 11.5.3 HF1, update to version 11.5.3 HF2 or later.
For versions 11.6.0 through 11.6.0 HF5, update to version 11.6.0 HF6 or later.
Correção
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Aam
Afm
Apm
Asm
Big-Ip Ltm
Gtm
Link Controller
Pem
Psm
Websafe