Denial of Service Vulnerability in F5 BIG-IP Products
CVE-2015-4638

Currently unrated

Key Information:

Vendor: F5
Status: Big-ip Analytics; Big-ip Protocol Security Module; Big-ip Link Controller; Big-ip Edge Gateway
Vendor: CVE Published:; 18 September 2015

Summary

The FastL4 virtual server component within F5 BIG-IP products is prone to a denial of service vulnerability that can be exploited by remote attackers. By sending specially crafted fragmented packets, an attacker may force the Traffic Management Microkernel to restart, resulting in service interruptions. Affected versions include various releases of BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM between specified versions. It's imperative for users to assess their deployments and apply relevant security updates to mitigate associated risks.

References

https://support.f5.com/kb/en-us/solutions/public/17000/10...

x_refsource_CONFIRM

http://www.securitytracker.com/id/1033578

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Sep 18, 2015
Vulnerability Reserved
Jun 16, 2015