Denial of Service Vulnerability in F5 BIG-IP Products
CVE-2018-5514

7.5HIGH

Key Information:

Vendor
F5
Status
Big-ip (ltm, Aam, Afm, Apm, Asm, Link Controller, Pem, Webaccelerator, Websafe)
Vendor
CVE Published:
2 May 2018

Summary

A vulnerability exists in F5 BIG-IP versions 13.1.0 through 13.1.0.5 where maliciously crafted HTTP/2 request frames can be used to trigger a denial of service. This affects the data plane for virtual servers when the HTTP2 profile is enabled, exposing them to potential service disruptions. It's critical for administrators to evaluate their configurations and apply necessary patches to safeguard against this issue.

Affected Version(s)

BIG-IP (LTM, AAM, AFM, APM, ASM, Link Controller, PEM, WebAccelerator, WebSafe) 13.1.0-13.1.0.5

References

https://support.f5.com/csp/article/K45320419
x_refsource_CONFIRM
http://www.securitytracker.com/id/1040804
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/104097
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.