PT-2018-17029 · F5 · F5 Big-Ip
Published 2018-07-19 · Updated 2018-12-05 · CVE-2018-5535
CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
F5 BIG-IP versions 11.5.1 through 11.6.3
F5 BIG-IP versions 12.1.0 through 12.1.3
F5 BIG-IP versions 13.0.0 through 13.1.0
F5 BIG-IP version 14.0.0
Description
The issue occurs when a Virtual Server with an associated QoE profile that has Video enabled processes specially crafted HTTP responses, causing the Traffic Management Microkernel (TMM) to buffer response data incorrectly. As a result, the TMM restarts, leading to a Denial of Service.
Recommendations
For F5 BIG-IP versions 11.5.1 through 11.6.3, consider disabling the Video feature in QoE profiles associated with Virtual Servers to prevent exploitation.
For F5 BIG-IP versions 12.1.0 through 12.1.3, consider disabling the Video feature in QoE profiles associated with Virtual Servers to prevent exploitation.
For F5 BIG-IP versions 13.0.0 through 13.1.0, consider disabling the Video feature in QoE profiles associated with Virtual Servers to prevent exploitation.
For F5 BIG-IP version 14.0.0, consider disabling the Video feature in QoE profiles associated with Virtual Servers to prevent exploitation.
Fix
RCE
Weakness Enumeration
Related Identifiers
Affected Products
F5 Big-Ip