PT-2020-18792 · F5 · Big-Ip

Published

2020-04-30

Updated

2021-07-21

CVE-2020-5891

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions BIG-IP versions 14.1.0 through 14.1.2.3 BIG-IP versions 15.0.0 through 15.0.1.2 BIG-IP versions 15.1.0 through 15.1.0.1

Description The issue arises from undisclosed HTTP/2 requests that can cause a denial of service when sent to a virtual server configured with the Fallback Host setting and a server-side HTTP/2 profile.

Recommendations For BIG-IP versions 14.1.0 through 14.1.2.3, update to a version that includes a fix for this issue. For BIG-IP versions 15.0.0 through 15.0.1.2, update to a version that includes a fix for this issue. For BIG-IP versions 15.1.0 through 15.1.0.1, update to a version that includes a fix for this issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2020-5891

Affected Products

Big-Ip

PT-2020-18792 · F5 · Big-Ip

CVE-2020-5891

Related Identifiers

Affected Products

References · 3