Denial of Service Vulnerability in F5 BIG-IP Products
CVE-2018-15319
7.5HIGH
Key Information:
- Vendor
- F5
- Vendor
- CVE Published:
- 31 October 2018
Summary
On affected versions of F5 BIG-IP, specifically those with the non-default 'normalize URI' configuration in iRules or BIG-IP LTM policies, maliciously crafted HTTP requests directed at virtual servers can exploit this vulnerability, leading to unintended restarts of the Traffic Management Microkernel (TMM). This behavior can disrupt services and impact availability, making it critical for users to apply appropriate mitigations.
Affected Version(s)
BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, 12.1.0-12.1.3.6
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved