CVE-2018-5508

Name of the Vulnerable Software and Affected Versions F5 BIG-IP PEM versions 11.2.1, 11.5.1 through 11.5.5, 11.6.0 through 11.6.2, 12.0.0 through 12.1.3.1, 13.0.0

Description The issue occurs when TMM processes compressed data through a Virtual Server with an associated PEM profile that uses the content insertion option, potentially causing TMM to crash under certain conditions.

Recommendations For versions 11.2.1, consider disabling the content insertion option in the PEM profile until a fix is available. For versions 11.5.1 through 11.5.5, restrict the use of the Virtual Server with the associated PEM profile. For versions 11.6.0 through 11.6.2, avoid using the content insertion option in the PEM profile. For versions 12.0.0 through 12.1.3.1, disable the processing of compressed data through the Virtual Server with the associated PEM profile. For version 13.0.0, consider temporarily removing the PEM profile from the Virtual Server.