PT-2018-4991 · F5 · F5 Big-Ip
Publicado
2018-10-08
·
Atualizado
2019-01-09
·
CVE-2016-7475
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
F5 BIG-IP versions 11.4.0 through 11.5.4 HF1
F5 BIG-IP versions 11.6.0 through 11.6.1
F5 BIG-IP versions 12.0.0 through 12.1.0
Description
The issue arises under certain circumstances when the Traffic Management Microkernel (TMM) fails to properly clean up pool member network connections. This occurs specifically when using SPDY or HTTP/2 virtual server profiles.
Recommendations
For F5 BIG-IP versions 11.4.0 through 11.5.4 HF1, consider disabling the use of SPDY or HTTP/2 virtual server profiles until a fix is available.
For F5 BIG-IP versions 11.6.0 through 11.6.1, consider disabling the use of SPDY or HTTP/2 virtual server profiles until a fix is available.
For F5 BIG-IP versions 12.0.0 through 12.1.0, consider disabling the use of SPDY or HTTP/2 virtual server profiles until a fix is available.
Correção
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
F5 Big-Ip