Denial of Service Vulnerability in F5 BIG-IP Products
CVE-2018-15319

7.5HIGH

Key Information:

Vendor: F5
Status: Big-ip (ltm, Aam, Afm, Analytics, Apm, Asm, Dns, Edge Gateway, Fps, Gtm, Link Controller, Pem, Webaccelerator)
Vendor: CVE Published:; 31 October 2018

What is CVE-2018-15319?

On affected versions of F5 BIG-IP, specifically those with the non-default 'normalize URI' configuration in iRules or BIG-IP LTM policies, maliciously crafted HTTP requests directed at virtual servers can exploit this vulnerability, leading to unintended restarts of the Traffic Management Microkernel (TMM). This behavior can disrupt services and impact availability, making it critical for users to apply appropriate mitigations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, 12.1.0-12.1.3.6

References

http://www.securityfocus.com/bid/107052

vdb-entryx_refsource_BID

https://support.f5.com/csp/article/K64208870

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 31, 2018
Vulnerability Reserved
Aug 14, 2018

JSON

F5

What is CVE-2018-15319?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.