PT-2018-17008 · F5 · F5 Big-Ip

Published: 2018-05-02 · Updated: 2018-06-13 · CVE-2018-5514

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

F5 BIG-IP versions 13.1.0 through 13.1.0.5

Description

The issue allows maliciously crafted HTTP/2 request frames to cause a denial of service. This exposure is specific to the data plane for virtual servers when the HTTP2 profile is enabled. There is no control plane exposure to this issue.

Recommendations

For F5 BIG-IP versions 13.1.0 through 13.1.0.5, consider disabling the HTTP2 profile as a temporary workaround to minimize the risk of exploitation.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2018-5514

Affected Products

F5 Big-Ip