PT-2015-6647 · F5 · F5 Big-Ip Gtm+8
Published
2015-09-18
·
Updated
2015-09-22
·
CVE-2015-4638
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM versions 11.3.0 through 11.5.2 and 11.6.0 through 11.6.0 HF4
F5 BIG-IP Edge Gateway, WebAccelerator, and WOM versions 11.2.1 through 11.3.0
F5 BIG-IP PSM versions 11.2.1 through 11.4.1
Description
The issue allows remote attackers to cause a denial of service, resulting in a Traffic Management Microkernel restart, via a fragmented packet.
Recommendations
For F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM versions 11.3.0 through 11.5.2 and 11.6.0 through 11.6.0 HF4, update to a version outside of the affected range to resolve the issue.
For F5 BIG-IP Edge Gateway, WebAccelerator, and WOM versions 11.2.1 through 11.3.0, update to a version outside of the affected range to resolve the issue.
For F5 BIG-IP PSM versions 11.2.1 through 11.4.1, update to a version outside of the affected range to resolve the issue.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
F5 Big-Ip Apm
F5 Big-Ip Analytics
F5 Big-Ip Edge Gateway
F5 Big-Ip Gtm
F5 Big-Ip Ltm
F5 Big-Ip Link Controller
F5 Big-Ip Pem
F5 Big-Ip Wom
F5 Big-Ip Webaccelerator