PT-2018-8305 · F5 · F5 Big-Ip
Published
2018-02-06
·
Updated
2018-03-13
·
CVE-2017-6169
CVSS v3.1
6.8
Medium
| Vector | AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
F5 BIG-IP versions 11.6.0 through 11.6.2
F5 BIG-IP versions 12.0.0 through 12.1.3
F5 BIG-IP version 13.0.0
Description
The issue occurs when an F5 BIG-IP virtual server using the URL categorization feature receives malformed URLs during categorization, potentially causing the Traffic Management Microkernel (TMM) to produce a core file.
Recommendations
For F5 BIG-IP versions 11.6.0 through 11.6.2, update to a version that does not use the vulnerable URL categorization feature or apply a configuration change to prevent the TMM from producing a core file when receiving malformed URLs.
For F5 BIG-IP versions 12.0.0 through 12.1.3, update to a version that does not use the vulnerable URL categorization feature or apply a configuration change to prevent the TMM from producing a core file when receiving malformed URLs.
For F5 BIG-IP version 13.0.0, update to a version that does not use the vulnerable URL categorization feature or apply a configuration change to prevent the TMM from producing a core file when receiving malformed URLs.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
F5 Big-Ip