PT-2022-26088 · F5 · F5 Big-Ip
Published
2022-10-19
·
Updated
2022-10-24
·
CVE-2022-41833
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
F5 BIG-IP versions 13.1.x
Description
The issue occurs when an iRule containing the
HTTP::collect command is configured on a virtual server, allowing undisclosed requests to cause the Traffic Management Microkernel (TMM) to terminate.Recommendations
For versions 13.1.x, consider disabling the
HTTP::collect command in iRules configured on virtual servers until a patch is available. Restrict access to virtual servers with affected iRules to minimize the risk of TMM termination.Fix
Resource Exhaustion
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
F5 Big-Ip