PT-2018-17008 · F5 · F5 Big-Ip

Publicado

2018-05-02

Atualizado

2018-06-13

CVE-2018-5514

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions 13.1.0 through 13.1.0.5

Description The issue allows maliciously crafted HTTP/2 request frames to cause a denial of service. This exposure is specific to the data plane for virtual servers when the HTTP2 profile is enabled. There is no control plane exposure to this issue.

Recommendations For F5 BIG-IP versions 13.1.0 through 13.1.0.5, consider disabling the HTTP2 profile as a temporary workaround to minimize the risk of exploitation.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2018-5514

Produtos afetados

F5 Big-Ip

PT-2018-17008 · F5 · F5 Big-Ip

CVE-2018-5514

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5