Denial of Service Vulnerability in F5 BIG-IP Products
CVE-2018-5514
7.5HIGH
Key Information:
- Vendor
- F5
- Vendor
- CVE Published:
- 2 May 2018
Summary
A vulnerability exists in F5 BIG-IP versions 13.1.0 through 13.1.0.5 where maliciously crafted HTTP/2 request frames can be used to trigger a denial of service. This affects the data plane for virtual servers when the HTTP2 profile is enabled, exposing them to potential service disruptions. It's critical for administrators to evaluate their configurations and apply necessary patches to safeguard against this issue.
Affected Version(s)
BIG-IP (LTM, AAM, AFM, APM, ASM, Link Controller, PEM, WebAccelerator, WebSafe) 13.1.0-13.1.0.5
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved