PT-2017-10508 · F5 · F5 Big-Ip Apm

Published

2017-05-09

Updated

2017-07-08

CVE-2017-0302

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions F5 BIG-IP APM versions 12.0.0 through 12.1.2 F5 BIG-IP APM version 13.0.0

Description An issue exists where an authenticated user with an established access session to the BIG-IP APM system may cause a traffic disruption if the length of the requested URL is less than 16 characters.

Recommendations For F5 BIG-IP APM versions 12.0.0 through 12.1.2, update to a version that addresses this issue. For F5 BIG-IP APM version 13.0.0, update to a version that addresses this issue. As a temporary workaround, consider restricting access to URLs with lengths less than 16 characters to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-118

Related Identifiers

CVE-2017-0302

Affected Products

F5 Big-Ip Apm

PT-2017-10508 · F5 · F5 Big-Ip Apm

CVE-2017-0302

Weakness Enumeration

Related Identifiers

Affected Products

References · 4