Denial-of-Service Vulnerability in BIG-IP Virtual Server by F5 Networks
CVE-2016-9249

7.5 HIGH

What is CVE-2016-9249?

A specific traffic pattern sent to a BIG-IP Virtual Server with TCP Fast Open enabled could trigger an unexpected restart of the Traffic Management Microkernel (TMM). This behavior results in disruptions that may lead to a Denial-of-Service condition, affecting the server's availability and performance. It is critical for administrators to assess their BIG-IP configurations to mitigate potential impacts from this issue.

Affected Version(s)

F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, WebSafe 12.0.0-12.1.1

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
