PT-2018-17030 · F5 · F5 Big-Ip Apm

Published

2018-07-25

Updated

2019-10-03

CVE-2018-5536

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions F5 BIG-IP APM versions 12.1.0 through 12.1.3.5 F5 BIG-IP APM versions 13.0.0 through 13.1.0.7

Description A remote attacker may exploit an F5 BIG-IP APM virtual server configured with an APM per-request policy object, causing a memory leak in the APM module.

Recommendations For F5 BIG-IP APM versions 12.1.0 through 12.1.3.5, update to a version outside of this range to resolve the issue. For F5 BIG-IP APM versions 13.0.0 through 13.1.0.7, update to a version outside of this range to resolve the issue.

Fix

Missing Release of Resource after Effective Lifetime

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-772

Related Identifiers

CVE-2018-5536

Affected Products

F5 Big-Ip Apm

PT-2018-17030 · F5 · F5 Big-Ip Apm

CVE-2018-5536

Weakness Enumeration

Related Identifiers

Affected Products

References · 4