PT-2018-4991 · F5 · F5 Big-Ip
Published
2018-10-08
·
Updated
2019-01-09
·
CVE-2016-7475
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
F5 BIG-IP versions 11.4.0 through 11.5.4 HF1
F5 BIG-IP versions 11.6.0 through 11.6.1
F5 BIG-IP versions 12.0.0 through 12.1.0
Description
The issue arises under certain circumstances when the Traffic Management Microkernel (TMM) fails to properly clean up pool member network connections. This occurs specifically when using SPDY or HTTP/2 virtual server profiles.
Recommendations
For F5 BIG-IP versions 11.4.0 through 11.5.4 HF1, consider disabling the use of SPDY or HTTP/2 virtual server profiles until a fix is available.
For F5 BIG-IP versions 11.6.0 through 11.6.1, consider disabling the use of SPDY or HTTP/2 virtual server profiles until a fix is available.
For F5 BIG-IP versions 12.0.0 through 12.1.0, consider disabling the use of SPDY or HTTP/2 virtual server profiles until a fix is available.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
F5 Big-Ip