cve-2017-6159
Vulnerability from cvelistv5
Published
2017-10-27 14:00
Modified
2024-09-17 02:46
Severity ?
EPSS score ?
Summary
F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, Websafe software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 are vulnerable to a denial of service attack when the MPTCP option is enabled on a virtual server. Data plane is vulnerable when using the MPTCP option of a TCP profile. There is no control plane exposure. An attacker may be able to disrupt services by causing TMM to restart hence temporarily failing to process traffic.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| f5sirt@f5.com | http://www.securityfocus.com/bid/101633 | Third Party Advisory, VDB Entry | |
| f5sirt@f5.com | http://www.securitytracker.com/id/1039669 | Third Party Advisory, VDB Entry | |
| f5sirt@f5.com | https://support.f5.com/csp/article/K10002335 | Vendor Advisory |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.820Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1039669",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039669"
},
{
"name": "101633",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101633"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K10002335"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, Websafe",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "12.0.0 - 12.1.2"
},
{
"status": "affected",
"version": "11.6.0 \u0026#xe2"
},
{
"status": "affected",
"version": "\u0026#x80"
},
{
"status": "affected",
"version": "\" 11.6.1"
}
]
}
],
"datePublic": "2017-10-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, Websafe software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 are vulnerable to a denial of service attack when the MPTCP option is enabled on a virtual server. Data plane is vulnerable when using the MPTCP option of a TCP profile. There is no control plane exposure. An attacker may be able to disrupt services by causing TMM to restart hence temporarily failing to process traffic."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-02T09:57:01",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"name": "1039669",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039669"
},
{
"name": "101633",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101633"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K10002335"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2017-10-26T00:00:00",
"ID": "CVE-2017-6159",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, Websafe",
"version": {
"version_data": [
{
"version_value": "12.0.0 - 12.1.2"
},
{
"version_value": "11.6.0 \u0026#xe2"
},
{
"version_value": "\u0026#x80"
},
{
"version_value": "\" 11.6.1"
}
]
}
}
]
},
"vendor_name": "F5 Networks, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, Websafe software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 are vulnerable to a denial of service attack when the MPTCP option is enabled on a virtual server. Data plane is vulnerable when using the MPTCP option of a TCP profile. There is no control plane exposure. An attacker may be able to disrupt services by causing TMM to restart hence temporarily failing to process traffic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039669",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039669"
},
{
"name": "101633",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101633"
},
{
"name": "https://support.f5.com/csp/article/K10002335",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K10002335"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2017-6159",
"datePublished": "2017-10-27T14:00:00Z",
"dateReserved": "2017-02-21T00:00:00",
"dateUpdated": "2024-09-17T02:46:34.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2017-6159\",\"sourceIdentifier\":\"f5sirt@f5.com\",\"published\":\"2017-10-27T14:29:00.310\",\"lastModified\":\"2019-10-03T00:03:26.223\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, Websafe software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 are vulnerable to a denial of service attack when the MPTCP option is enabled on a virtual server. Data plane is vulnerable when using the MPTCP option of a TCP profile. There is no control plane exposure. An attacker may be able to disrupt services by causing TMM to restart hence temporarily failing to process traffic.\"},{\"lang\":\"es\",\"value\":\"F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, Websafe en sus versiones de software de la 12.0.0 a la 12.1.2 y de la 11.6.0 a la 11.6.1 son vulnerables a un ataque de denegaci\u00f3n de servicio (DoS) cuando la opci\u00f3n MPTCP est\u00e1 habilitada en un servidor virtual. El plano de datos es vulnerable cuando se utiliza la opci\u00f3n MPTCP de un perfil TCP. No hay ninguna exposici\u00f3n del plano de control. Un atacante podr\u00eda interrumpir los servicios haciendo que el TMM se reinicie, haciendo que no se pueda procesar el tr\u00e1fico temporalmente.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":4.3},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FF5A5F6-4BA3-4276-8679-B5560EACF2E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2B502F2-404C-463B-B6BE-87489DC881F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:12.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"44F1E5E0-BD63-4A4A-BC4E-A1D5495F8B5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A82C7B1C-E195-4D94-B604-78FB464C4F81\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F6C3144-D0DE-4248-BFCD-04A7E6104044\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0357B5ED-0600-4756-93E5-692987068596\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5B40837-EC2B-41FB-ACC3-806054EAF28C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48BE0210-7058-462A-BA17-845D3E4F52FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CA2FA6B-3930-432F-8FB5-E73604CEFE42\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECA90FB8-E2CD-400F-B753-1B482E7FAC96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FEC804B-35DB-4A0C-9AEA-15527E0CC1B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BEB228A9-0C01-4531-B2B2-38BB7B0E02E9\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B276E4DF-69FC-4158-B93A-781A45605034\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBAB92C5-2D50-49CC-AECA-0D16BC44A788\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"532AAF54-64EF-4852-B4F1-D5E660463704\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC827031-CA39-4081-8CE0-30EAC78DF756\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7569903B-3A15-4A10-863B-6828337DD268\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45825991-D17D-42F1-87B4-7DF86B098B45\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFA77C6B-72DB-4D57-87CF-11F2C7EDB828\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E33BCA5B-CE91-451C-9821-2023A9E461C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:12.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B62FEC0-EE22-46E6-B811-8AB0EE4C3E2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCD2044C-AC6F-4145-B1A0-8EB26DCF1F8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5FC866D4-CE8C-4408-AD1E-8643AC554CC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7563D979-BE37-4251-B92E-0DBDBE53F3FF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:11.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"475F0EF8-42CB-4099-9C4A-390F946C4924\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:11.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94DBCD7A-E4DA-4C08-87A4-960CF53A83E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:12.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62B0A70A-D101-443E-A543-5EC35E23D66F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:12.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DB2118A-0F9C-4273-BB07-85FEA32C785B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:12.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8541C9EF-69A8-4641-B173-3BCE0EDD20A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:12.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E24A3C71-0075-4738-B114-267337D050CD\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:11.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CDEC701-DAB3-4D92-AA67-B886E6693E46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:11.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C641B4F-DCFF-4A1B-9E00-EDF18A270241\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:12.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E90C12AF-44BA-44A2-89ED-0C2497EEC8A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:12.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BBBB6E7C-DA1A-479F-9DD2-DE0C3CA82E92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:12.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4913B437-33FF-4B5E-A855-9DA00B35E3B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:12.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDCFE65B-340B-4F7D-93A1-4390BBC8E67F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB8D3B87-B8F5-490A-B1D9-04F2EE93EEA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1EA4F45-35F7-4687-8D1A-A5ACD846500A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"23FF9627-E561-4CF7-A685-6E33D2F6C98C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"64273A2C-E5A1-4605-92DD-EBECC7F051D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E60CA151-1C3A-45B3-B939-E6F80063C595\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58BAD5A9-9C67-4056-9344-07C8C42C8E88\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_websafe:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E6556BF-A50D-4872-BF81-9397A7ECEC9C\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/101633\",\"source\":\"f5sirt@f5.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039669\",\"source\":\"f5sirt@f5.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.f5.com/csp/article/K10002335\",\"source\":\"f5sirt@f5.com\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.