CVE-2018-5514

7.5HIGH

Key Information:

Vendor: F5
Status: Big-ip (ltm, Aam, Afm, Apm, Asm, Link Controller, Pem, Webaccelerator, Websafe)
Vendor: CVE Published:; 2 May 2018

Summary

On F5 BIG-IP 13.1.0-13.1.0.5, maliciously crafted HTTP/2 request frames can lead to denial of service. There is data plane exposure for virtual servers when the HTTP2 profile is enabled. There is no control plane exposure to this issue.

Affected Version(s)

BIG-IP (LTM, AAM, AFM, APM, ASM, Link Controller, PEM, WebAccelerator, WebSafe) 13.1.0-13.1.0.5

References

https://support.f5.com/csp/article/K45320419

x_refsource_CONFIRM

http://www.securitytracker.com/id/1040804

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/104097

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 2, 2018
Vulnerability Reserved
Jan 12, 2018