cvelistv5 - CVE-2019-6637

CVE-2019-6637 (GCVE-0-2019-6637)

Vulnerability from cvelistv5 – Published: 2019-07-03 18:20 – Updated: 2024-08-04 20:23

Summary

Severity ?

No CVSS data available.

CWE

Assigner

References

URL

Tags

	https://support.f5.com/csp/article/K29149494	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/109091	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	F5	BIG-IP (ASM)	Affected: BIG-IP (ASM) 14.1.0-14.1.0.5 Affected: 14.0.0-14.0.0.4 Affected: 13.0.0-13.1.1.4 Affected: 12.1.0-12.1.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:23:22.107Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K29149494"
          },
          {
            "name": "109091",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/109091"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BIG-IP (ASM)",
          "vendor": "F5",
          "versions": [
            {
              "status": "affected",
              "version": "BIG-IP (ASM) 14.1.0-14.1.0.5"
            },
            {
              "status": "affected",
              "version": "14.0.0-14.0.0.4"
            },
            {
              "status": "affected",
              "version": "13.0.0-13.1.1.4"
            },
            {
              "status": "affected",
              "version": "12.1.0-12.1.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "On BIG-IP (ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, Application logic abuse of ASM REST endpoints can lead to instability of BIG-IP system. Exploitation of this issue causes excessive memory consumption which results in the Linux kernel triggering OOM killer on arbitrary processes. The attack requires an authenticated user with role of \"Guest\" or greater privilege. Note: \"No Access\" cannot login so technically it\u0027s a role but a user with this access role cannot perform the attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "DoS",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-10T16:06:15",
        "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "shortName": "f5"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K29149494"
        },
        {
          "name": "109091",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/109091"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "f5sirt@f5.com",
          "ID": "CVE-2019-6637",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "BIG-IP (ASM)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "BIG-IP (ASM) 14.1.0-14.1.0.5"
                          },
                          {
                            "version_value": "14.0.0-14.0.0.4"
                          },
                          {
                            "version_value": "13.0.0-13.1.1.4"
                          },
                          {
                            "version_value": "12.1.0-12.1.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "F5"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "On BIG-IP (ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, Application logic abuse of ASM REST endpoints can lead to instability of BIG-IP system. Exploitation of this issue causes excessive memory consumption which results in the Linux kernel triggering OOM killer on arbitrary processes. The attack requires an authenticated user with role of \"Guest\" or greater privilege. Note: \"No Access\" cannot login so technically it\u0027s a role but a user with this access role cannot perform the attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "DoS"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.f5.com/csp/article/K29149494",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K29149494"
            },
            {
              "name": "109091",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/109091"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
    "assignerShortName": "f5",
    "cveId": "CVE-2019-6637",
    "datePublished": "2019-07-03T18:20:18",
    "dateReserved": "2019-01-22T00:00:00",
    "dateUpdated": "2024-08-04T20:23:22.107Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.0\", \"versionEndExcluding\": \"12.1.4.1\", \"matchCriteriaId\": \"B50AFE19-77F8-4BCC-B287-E967497DF44A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndExcluding\": \"13.1.1.5\", \"matchCriteriaId\": \"D1209416-7A72-4B4E-B493-DCB1A04A39E1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.0.0\", \"versionEndExcluding\": \"14.0.0.5\", \"matchCriteriaId\": \"A313A6FD-0436-44B7-A4E9-F96FDE8224C9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.1.0\", \"versionEndExcluding\": \"14.1.0.6\", \"matchCriteriaId\": \"6E65DCA8-A17D-4E31-B8FC-6180C3CC9807\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"On BIG-IP (ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, Application logic abuse of ASM REST endpoints can lead to instability of BIG-IP system. Exploitation of this issue causes excessive memory consumption which results in the Linux kernel triggering OOM killer on arbitrary processes. The attack requires an authenticated user with role of \\\"Guest\\\" or greater privilege. Note: \\\"No Access\\\" cannot login so technically it\u0027s a role but a user with this access role cannot perform the attack.\"}, {\"lang\": \"es\", \"value\": \"En BIG-IP (ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4 y 12.1.0-12.1.4, el abuso de la l\\u00f3gica de la aplicaci\\u00f3n de los puntos finales ASM REST puede llevar a Inestabilidad del sistema BIG-IP. La operaci\\u00f3n de este problema provoca un consumo excesivo de memoria, lo que provoca que el kernel de Linux active el asesino OOM en procesos arbitrarios. El ataque requiere un usuario identificado con el rol de \\\"Invitado\\\" o un privilegio mayor. Nota: \\\"Sin acceso\\\" no puede iniciar sesi\\u00f3n, por lo que t\\u00e9cnicamente es un rol, pero un usuario con este rol de acceso no puede realizar el ataque.\"}]",
      "id": "CVE-2019-6637",
      "lastModified": "2024-11-21T04:46:51.433",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:N/I:N/A:P\", \"baseScore\": 4.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-07-03T19:15:13.220",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/109091\", \"source\": \"f5sirt@f5.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://support.f5.com/csp/article/K29149494\", \"source\": \"f5sirt@f5.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/109091\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://support.f5.com/csp/article/K29149494\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "f5sirt@f5.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-6637\",\"sourceIdentifier\":\"f5sirt@f5.com\",\"published\":\"2019-07-03T19:15:13.220\",\"lastModified\":\"2024-11-21T04:46:51.433\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"On BIG-IP (ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, Application logic abuse of ASM REST endpoints can lead to instability of BIG-IP system. Exploitation of this issue causes excessive memory consumption which results in the Linux kernel triggering OOM killer on arbitrary processes. The attack requires an authenticated user with role of \\\"Guest\\\" or greater privilege. Note: \\\"No Access\\\" cannot login so technically it\u0027s a role but a user with this access role cannot perform the attack.\"},{\"lang\":\"es\",\"value\":\"En BIG-IP (ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4 y 12.1.0-12.1.4, el abuso de la l\u00f3gica de la aplicaci\u00f3n de los puntos finales ASM REST puede llevar a Inestabilidad del sistema BIG-IP. La operaci\u00f3n de este problema provoca un consumo excesivo de memoria, lo que provoca que el kernel de Linux active el asesino OOM en procesos arbitrarios. El ataque requiere un usuario identificado con el rol de \\\"Invitado\\\" o un privilegio mayor. Nota: \\\"Sin acceso\\\" no puede iniciar sesi\u00f3n, por lo que t\u00e9cnicamente es un rol, pero un usuario con este rol de acceso no puede realizar el ataque.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:N/A:P\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndExcluding\":\"12.1.4.1\",\"matchCriteriaId\":\"B50AFE19-77F8-4BCC-B287-E967497DF44A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndExcluding\":\"13.1.1.5\",\"matchCriteriaId\":\"D1209416-7A72-4B4E-B493-DCB1A04A39E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0.0\",\"versionEndExcluding\":\"14.0.0.5\",\"matchCriteriaId\":\"A313A6FD-0436-44B7-A4E9-F96FDE8224C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndExcluding\":\"14.1.0.6\",\"matchCriteriaId\":\"6E65DCA8-A17D-4E31-B8FC-6180C3CC9807\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/109091\",\"source\":\"f5sirt@f5.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.f5.com/csp/article/K29149494\",\"source\":\"f5sirt@f5.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/109091\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.f5.com/csp/article/K29149494\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GHSA-G336-28Q4-56HJ

Vulnerability from github – Published: 2022-05-24 16:49 – Updated: 2022-05-24 16:49

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-6637"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-07-03T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "On BIG-IP (ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, Application logic abuse of ASM REST endpoints can lead to instability of BIG-IP system. Exploitation of this issue causes excessive memory consumption which results in the Linux kernel triggering OOM killer on arbitrary processes. The attack requires an authenticated user with role of \"Guest\" or greater privilege. Note: \"No Access\" cannot login so technically it\u0027s a role but a user with this access role cannot perform the attack.",
  "id": "GHSA-g336-28q4-56hj",
  "modified": "2022-05-24T16:49:26Z",
  "published": "2022-05-24T16:49:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6637"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/csp/article/K29149494"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/109091"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-201907-0143

Vulnerability from variot - Updated: 2023-12-18 12:17

On BIG-IP (ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, Application logic abuse of ASM REST endpoints can lead to instability of BIG-IP system. Exploitation of this issue causes excessive memory consumption which results in the Linux kernel triggering OOM killer on arbitrary processes. The attack requires an authenticated user with role of "Guest" or greater privilege. Note: "No Access" cannot login so technically it's a role but a user with this access role cannot perform the attack. BIG-IP (ASM) Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5 BIG-IP ASM is prone to a denial-of-service vulnerability. F5 BIG-IP Application Security Manager (ASM) is a Web Application Firewall (WAF) of F5 Corporation in the United States, which provides secure remote access, protects email, simplifies Web access control, and enhances network and application performance. An attacker can exploit this vulnerability to consume a large amount of memory and terminate arbitrary processes. The following products and versions are affected: F5 BIG-IP ASM version 14.1.0 to 14.1.0.5, 14.0.0 to 14.0.0.4, 13.0.0 to 13.1.1.4, 12.1.0 to 12.1.4 Version

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201907-0143",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "big-ip application security manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.0"
      },
      {
        "model": "big-ip application security manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.1.5"
      },
      {
        "model": "big-ip application security manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.4.1"
      },
      {
        "model": "big-ip application security manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "big-ip application security manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.0.6"
      },
      {
        "model": "big-ip application security manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.0.0"
      },
      {
        "model": "big-ip application security manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.0.0"
      },
      {
        "model": "big-ip application security manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.0.0.5"
      },
      {
        "model": "big-ip application security manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "f5",
        "version": "12.1.0 to  12.1.4"
      },
      {
        "model": "big-ip application security manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "f5",
        "version": "13.0.0 to  13.1.1.4"
      },
      {
        "model": "big-ip application security manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "f5",
        "version": "14.0.0 to  14.0.0.4"
      },
      {
        "model": "big-ip application security manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "f5",
        "version": "14.1.0 to  14.1.0.5"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "14.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "14.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "13.1.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "13.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "13.0.1"
      },
      {
        "model": "big-ip asm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "13.0"
      },
      {
        "model": "big-ip asm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "13.0"
      },
      {
        "model": "big-ip asm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "13.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "13.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.4"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.3"
      },
      {
        "model": "big-ip asm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.2"
      },
      {
        "model": "big-ip asm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.2"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.2"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "13.1.0.8"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "13.1.0.6"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "13.1.0.5"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "13.1.0.4"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "13.1.0.2"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.3.7"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.3.6"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.3.4"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.3.2"
      },
      {
        "model": "big-ip asm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "14.1.0.6"
      },
      {
        "model": "big-ip asm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "14.0.0.5"
      },
      {
        "model": "big-ip asm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "13.1.1.5"
      },
      {
        "model": "big-ip asm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.4.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "109091"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006207"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6637"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.1.1.5",
                "versionStartIncluding": "13.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.0.0.5",
                "versionStartIncluding": "14.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.1.0.6",
                "versionStartIncluding": "14.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.1.4.1",
                "versionStartIncluding": "12.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6637"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "109091"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2019-6637",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-6637",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "VHN-158072",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-6637",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-6637",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201907-050",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-158072",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158072"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006207"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6637"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-050"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "On BIG-IP (ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, Application logic abuse of ASM REST endpoints can lead to instability of BIG-IP system. Exploitation of this issue causes excessive memory consumption which results in the Linux kernel triggering OOM killer on arbitrary processes. The attack requires an authenticated user with role of \"Guest\" or greater privilege. Note: \"No Access\" cannot login so technically it\u0027s a role but a user with this access role cannot perform the attack. BIG-IP (ASM) Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5 BIG-IP ASM is prone to a denial-of-service vulnerability. F5 BIG-IP Application Security Manager (ASM) is a Web Application Firewall (WAF) of F5 Corporation in the United States, which provides secure remote access, protects email, simplifies Web access control, and enhances network and application performance. An attacker can exploit this vulnerability to consume a large amount of memory and terminate arbitrary processes. The following products and versions are affected: F5 BIG-IP ASM version 14.1.0 to 14.1.0.5, 14.0.0 to 14.0.0.4, 13.0.0 to 13.1.1.4, 12.1.0 to 12.1.4 Version",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6637"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006207"
      },
      {
        "db": "BID",
        "id": "109091"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158072"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-6637",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "109091",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006207",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-050",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.2408",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-158072",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158072"
      },
      {
        "db": "BID",
        "id": "109091"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006207"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6637"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-050"
      }
    ]
  },
  "id": "VAR-201907-0143",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158072"
      }
    ],
    "trust": 0.55944443
  },
  "last_update_date": "2023-12-18T12:17:55.482000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "K29149494",
        "trust": 0.8,
        "url": "https://support.f5.com/csp/article/k29149494"
      },
      {
        "title": "F5 BIG-IP Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=94286"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006207"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-050"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-400",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158072"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006207"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6637"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://support.f5.com/csp/article/k29149494"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/109091"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6637"
      },
      {
        "trust": 0.9,
        "url": "http://www.f5.com/products/big-ip/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6637"
      },
      {
        "trust": 0.6,
        "url": "https://support.f5.com/csp/article/k44885536"
      },
      {
        "trust": 0.6,
        "url": "https://support.f5.com/csp/article/k20445457"
      },
      {
        "trust": 0.6,
        "url": "https://support.f5.com/csp/article/k67825238"
      },
      {
        "trust": 0.6,
        "url": "https://support.f5.com/csp/article/k79902360"
      },
      {
        "trust": 0.6,
        "url": "https://support.f5.com/csp/article/k20541896"
      },
      {
        "trust": 0.6,
        "url": "https://support.f5.com/csp/article/k22384173"
      },
      {
        "trust": 0.6,
        "url": "https://support.f5.com/csp/article/k68151373"
      },
      {
        "trust": 0.6,
        "url": "https://support.f5.com/csp/article/k00432398"
      },
      {
        "trust": 0.6,
        "url": "https://support.f5.com/csp/article/k64855220"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/f5-big-ip-multiple-vulnerabilities-29665"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.2408/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158072"
      },
      {
        "db": "BID",
        "id": "109091"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006207"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6637"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-050"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-158072"
      },
      {
        "db": "BID",
        "id": "109091"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006207"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6637"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-050"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-07-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-158072"
      },
      {
        "date": "2019-07-02T00:00:00",
        "db": "BID",
        "id": "109091"
      },
      {
        "date": "2019-07-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-006207"
      },
      {
        "date": "2019-07-03T19:15:13.220000",
        "db": "NVD",
        "id": "CVE-2019-6637"
      },
      {
        "date": "2019-07-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-050"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-08-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-158072"
      },
      {
        "date": "2019-07-02T00:00:00",
        "db": "BID",
        "id": "109091"
      },
      {
        "date": "2019-07-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-006207"
      },
      {
        "date": "2020-08-24T17:37:01.140000",
        "db": "NVD",
        "id": "CVE-2019-6637"
      },
      {
        "date": "2020-08-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-050"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-050"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "BIG-IP Vulnerable to resource exhaustion",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006207"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-050"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2019-32031

Vulnerability from cnvd - Published: 2019-09-18

Title

F5 BIG-IP Application Security Manager资源管理错误漏洞

Description

F5 BIG-IP Application Security Manager（ASM）是美国F5公司的一款Web应用程序防火墙（WAF），它提供安全的远程接入、保护电子邮件、简化Web接入控制，同时增强网络和应用性能。 F5 BIG-IP Application Security Manager存在资源管理错误漏洞。攻击者可利用该漏洞消耗大量内存，终止任意进程。

Severity

中

Patch Name

F5 BIG-IP Application Security Manager资源管理错误漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://support.f5.com/csp/article/K29149494

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-6637

Impacted products

Name
['F5 F5 BIG-IP Application Security Manager（ASM） >=14.1.0，<=14.1.0.5', 'F5 F5 BIG-IP Application Security Manager（ASM） >=14.0.0，<=14.0.0.4', 'F5 F5 BIG-IP Application Security Manager（ASM） >=13.0.0，<=13.1.1.4', 'F5 F5 BIG-IP Application Security Manager（ASM） >=12.1.0，<=12.1.4']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-6637",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-6637"
    }
  },
  "description": "F5 BIG-IP Application Security Manager\uff08ASM\uff09\u662f\u7f8e\u56fdF5\u516c\u53f8\u7684\u4e00\u6b3eWeb\u5e94\u7528\u7a0b\u5e8f\u9632\u706b\u5899\uff08WAF\uff09\uff0c\u5b83\u63d0\u4f9b\u5b89\u5168\u7684\u8fdc\u7a0b\u63a5\u5165\u3001\u4fdd\u62a4\u7535\u5b50\u90ae\u4ef6\u3001\u7b80\u5316Web\u63a5\u5165\u63a7\u5236\uff0c\u540c\u65f6\u589e\u5f3a\u7f51\u7edc\u548c\u5e94\u7528\u6027\u80fd\u3002\n\nF5 BIG-IP Application Security Manager\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6d88\u8017\u5927\u91cf\u5185\u5b58\uff0c\u7ec8\u6b62\u4efb\u610f\u8fdb\u7a0b\u3002",
  "discovererName": "F5",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://support.f5.com/csp/article/K29149494",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-32031",
  "openTime": "2019-09-18",
  "patchDescription": "F5 BIG-IP Application Security Manager\uff08ASM\uff09\u662f\u7f8e\u56fdF5\u516c\u53f8\u7684\u4e00\u6b3eWeb\u5e94\u7528\u7a0b\u5e8f\u9632\u706b\u5899\uff08WAF\uff09\uff0c\u5b83\u63d0\u4f9b\u5b89\u5168\u7684\u8fdc\u7a0b\u63a5\u5165\u3001\u4fdd\u62a4\u7535\u5b50\u90ae\u4ef6\u3001\u7b80\u5316Web\u63a5\u5165\u63a7\u5236\uff0c\u540c\u65f6\u589e\u5f3a\u7f51\u7edc\u548c\u5e94\u7528\u6027\u80fd\u3002\r\n\r\nF5 BIG-IP Application Security Manager\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6d88\u8017\u5927\u91cf\u5185\u5b58\uff0c\u7ec8\u6b62\u4efb\u610f\u8fdb\u7a0b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "F5 BIG-IP Application Security Manager\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "F5 F5 BIG-IP Application Security Manager\uff08ASM\uff09 \u003e=14.1.0\uff0c\u003c=14.1.0.5",
      "F5 F5 BIG-IP Application Security Manager\uff08ASM\uff09 \u003e=14.0.0\uff0c\u003c=14.0.0.4",
      "F5 F5 BIG-IP Application Security Manager\uff08ASM\uff09 \u003e=13.0.0\uff0c\u003c=13.1.1.4",
      "F5 F5 BIG-IP Application Security Manager\uff08ASM\uff09 \u003e=12.1.0\uff0c\u003c=12.1.4"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-6637",
  "serverity": "\u4e2d",
  "submitTime": "2019-07-09",
  "title": "F5 BIG-IP Application Security Manager\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e"
}

GSD-2019-6637

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-6637

Aliases

CVE-2019-6637

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-6637",
    "description": "On BIG-IP (ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, Application logic abuse of ASM REST endpoints can lead to instability of BIG-IP system. Exploitation of this issue causes excessive memory consumption which results in the Linux kernel triggering OOM killer on arbitrary processes. The attack requires an authenticated user with role of \"Guest\" or greater privilege. Note: \"No Access\" cannot login so technically it\u0027s a role but a user with this access role cannot perform the attack.",
    "id": "GSD-2019-6637"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-6637"
      ],
      "details": "On BIG-IP (ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, Application logic abuse of ASM REST endpoints can lead to instability of BIG-IP system. Exploitation of this issue causes excessive memory consumption which results in the Linux kernel triggering OOM killer on arbitrary processes. The attack requires an authenticated user with role of \"Guest\" or greater privilege. Note: \"No Access\" cannot login so technically it\u0027s a role but a user with this access role cannot perform the attack.",
      "id": "GSD-2019-6637",
      "modified": "2023-12-13T01:23:49.220183Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "f5sirt@f5.com",
        "ID": "CVE-2019-6637",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "BIG-IP (ASM)",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "BIG-IP (ASM) 14.1.0-14.1.0.5"
                        },
                        {
                          "version_value": "14.0.0-14.0.0.4"
                        },
                        {
                          "version_value": "13.0.0-13.1.1.4"
                        },
                        {
                          "version_value": "12.1.0-12.1.4"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "F5"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "On BIG-IP (ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, Application logic abuse of ASM REST endpoints can lead to instability of BIG-IP system. Exploitation of this issue causes excessive memory consumption which results in the Linux kernel triggering OOM killer on arbitrary processes. The attack requires an authenticated user with role of \"Guest\" or greater privilege. Note: \"No Access\" cannot login so technically it\u0027s a role but a user with this access role cannot perform the attack."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "DoS"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.f5.com/csp/article/K29149494",
            "refsource": "CONFIRM",
            "url": "https://support.f5.com/csp/article/K29149494"
          },
          {
            "name": "109091",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/109091"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.1.1.5",
                "versionStartIncluding": "13.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.0.0.5",
                "versionStartIncluding": "14.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.1.0.6",
                "versionStartIncluding": "14.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.1.4.1",
                "versionStartIncluding": "12.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "f5sirt@f5.com",
          "ID": "CVE-2019-6637"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "On BIG-IP (ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, Application logic abuse of ASM REST endpoints can lead to instability of BIG-IP system. Exploitation of this issue causes excessive memory consumption which results in the Linux kernel triggering OOM killer on arbitrary processes. The attack requires an authenticated user with role of \"Guest\" or greater privilege. Note: \"No Access\" cannot login so technically it\u0027s a role but a user with this access role cannot perform the attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.f5.com/csp/article/K29149494",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.f5.com/csp/article/K29149494"
            },
            {
              "name": "109091",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/109091"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-08-24T17:37Z",
      "publishedDate": "2019-07-03T19:15Z"
    }
  }
}

FKIE_CVE-2019-6637

Vulnerability from fkie_nvd - Published: 2019-07-03 19:15 - Updated: 2024-11-21 04:46

Severity ?

6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
f5sirt@f5.com	http://www.securityfocus.com/bid/109091	Third Party Advisory, VDB Entry
f5sirt@f5.com	https://support.f5.com/csp/article/K29149494	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/109091	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://support.f5.com/csp/article/K29149494	Vendor Advisory

Impacted products

Vendor	Product	Version
f5	big-ip_application_security_manager	*
f5	big-ip_application_security_manager	*
f5	big-ip_application_security_manager	*
f5	big-ip_application_security_manager	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B50AFE19-77F8-4BCC-B287-E967497DF44A",
              "versionEndExcluding": "12.1.4.1",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1209416-7A72-4B4E-B493-DCB1A04A39E1",
              "versionEndExcluding": "13.1.1.5",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A313A6FD-0436-44B7-A4E9-F96FDE8224C9",
              "versionEndExcluding": "14.0.0.5",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E65DCA8-A17D-4E31-B8FC-6180C3CC9807",
              "versionEndExcluding": "14.1.0.6",
              "versionStartIncluding": "14.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "On BIG-IP (ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, Application logic abuse of ASM REST endpoints can lead to instability of BIG-IP system. Exploitation of this issue causes excessive memory consumption which results in the Linux kernel triggering OOM killer on arbitrary processes. The attack requires an authenticated user with role of \"Guest\" or greater privilege. Note: \"No Access\" cannot login so technically it\u0027s a role but a user with this access role cannot perform the attack."
    },
    {
      "lang": "es",
      "value": "En BIG-IP (ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4 y 12.1.0-12.1.4, el abuso de la l\u00f3gica de la aplicaci\u00f3n de los puntos finales ASM REST puede llevar a Inestabilidad del sistema BIG-IP. La operaci\u00f3n de este problema provoca un consumo excesivo de memoria, lo que provoca que el kernel de Linux active el asesino OOM en procesos arbitrarios. El ataque requiere un usuario identificado con el rol de \"Invitado\" o un privilegio mayor. Nota: \"Sin acceso\" no puede iniciar sesi\u00f3n, por lo que t\u00e9cnicamente es un rol, pero un usuario con este rol de acceso no puede realizar el ataque."
    }
  ],
  "id": "CVE-2019-6637",
  "lastModified": "2024-11-21T04:46:51.433",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-07-03T19:15:13.220",
  "references": [
    {
      "source": "f5sirt@f5.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/109091"
    },
    {
      "source": "f5sirt@f5.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.f5.com/csp/article/K29149494"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/109091"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.f5.com/csp/article/K29149494"
    }
  ],
  "sourceIdentifier": "f5sirt@f5.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-6637 (GCVE-0-2019-6637)

GHSA-G336-28Q4-56HJ

VAR-201907-0143

CNVD-2019-32031

GSD-2019-6637

FKIE_CVE-2019-6637

Tags

Sightings

Nomenclature