PT-2018-8305 · F5 · F5 Big-Ip
Publicado
2018-02-06
·
Atualizado
2018-03-13
·
CVE-2017-6169
CVSS v3.1
6.8
Média
| Vetor | AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
F5 BIG-IP versions 11.6.0 through 11.6.2
F5 BIG-IP versions 12.0.0 through 12.1.3
F5 BIG-IP version 13.0.0
Description
The issue occurs when an F5 BIG-IP virtual server using the URL categorization feature receives malformed URLs during categorization, potentially causing the Traffic Management Microkernel (TMM) to produce a core file.
Recommendations
For F5 BIG-IP versions 11.6.0 through 11.6.2, update to a version that does not use the vulnerable URL categorization feature or apply a configuration change to prevent the TMM from producing a core file when receiving malformed URLs.
For F5 BIG-IP versions 12.0.0 through 12.1.3, update to a version that does not use the vulnerable URL categorization feature or apply a configuration change to prevent the TMM from producing a core file when receiving malformed URLs.
For F5 BIG-IP version 13.0.0, update to a version that does not use the vulnerable URL categorization feature or apply a configuration change to prevent the TMM from producing a core file when receiving malformed URLs.
Correção
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
F5 Big-Ip