PT-2018-8300 · F5 · F5 Big-Ip

Published 2018-06-01 · Updated 2019-10-03 · CVE-2017-6153

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

F5 BIG-IP versions 13.0.0 through 13.1.0.3
F5 BIG-IP versions 12.1.0 through 12.1.3.1
F5 BIG-IP versions 11.6.1 through 11.6.3.1
F5 BIG-IP versions 11.5.1 through 11.5.5
F5 BIG-IP versions 11.2.1

Description

The issue concerns a service disruption via a "Zip Bomb" attack. This attack affects features that utilize inflate functionality, either directly, via an iRule, or via the inflate code from the PEM module.

Recommendations

For versions 13.0.0 through 13.1.0.3, consider disabling the inflate functionality to prevent service disruption.
For versions 12.1.0 through 12.1.3.1, restrict the use of iRules that utilize inflate functionality.
For versions 11.6.1 through 11.6.3.1, avoid using the inflate code from the PEM module.
For versions 11.5.1 through 11.5.5, consider implementing configuration changes to minimize the risk of a "Zip Bomb" attack.
For version 11.2.1, restrict access to features that utilize inflate functionality to minimize the risk of exploitation.

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2017-6153

Affected Products

F5 Big-Ip