var-201705-3544
Vulnerability from variot
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, and WebSafe 11.6.1 HF1, 12.0.0 HF3, 12.0.0 HF4, and 12.1.0 through 12.1.2, undisclosed traffic patterns received while software SYN cookie protection is engaged may cause a disruption of service to the Traffic Management Microkernel (TMM) on specific platforms and configurations. plural F5 BIG-IP Product Contains an access control vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5BIG-IP is a load balancer that uses a variety of allocation algorithms to distribute network requests to available servers in a server cluster. By managing incoming web data traffic and increasing effective network bandwidth, network visitors get as much as possible. The hardware device for the best networking experience. A F5BIG-IPTCP packet has a denial of service vulnerability that remote users can use to send a specially crafted sequence of packets, causing the target traffic management microkernel (TMM) to be interrupted. F5 BIG-IP LTM, etc. are all products of F5 Company in the United States. LTM is a local traffic manager; APM is a solution that provides secure unified access to business-critical applications and networks. Security flaws exist in several F5 products. An attacker could exploit this vulnerability to compromise services used by the Traffic Management Microkernel (TMM). The following products and versions are affected: F5 BIG-IP LTM Release 11.6.1 HF1, Release 12.0.0 HF3, Release 12.0.0 HF4, Release 12.1.0 through Release 12.1.2; BIG-IP AAM Release 11.6.1 HF1, 12.0.0 HF3 release, 12.0.0 HF4 release, 12.1.0 to 12.1.2 release; BIG-IP AFM 11.6.1 HF1 release, 12.0.0 HF3 release, 12.0.0 HF4 release, 12.1.0 to 12.1 release .2 releases; BIG-IP Analytics 11.6.1 HF1 release, 12.0.0 HF3 release, 12.0.0 HF4 release, 12.1.0 through 12.1.2 releases; BIG-IP APM 11.6.1 HF1 release, 12.0.0 HF3 release Version, version 12.0.0 HF4, version 12.1.0 to version 12.1.2; BIG-IP ASM version 11.6.1 HF1, version 12.0.0 HF3, version 12.0.0 HF4, version 12.1.0 to version 12.1.2; BIG-IP DNS Version 12.0.0 HF3, Version 12.0.0 HF4, Versions 12.1.0 to 12.1.2; BIG-IP GTM Version 11.6.1 HF1; BIG-IP Link Controller Version 11.6.1 HF1, Version 12.0.0 HF3 release, 12.0.0 HF4 release, 12.1.0 to 12.1.2 release; BIG-IP PEM 11.6.1 HF1 release, 12.0.0 HF3 release, 12.0.0 HF4 release, 12.1.0 to 12.1.2 release ; BIG-IP WebSafe Version 11.6.1 HF1, Version 12.0.0 HF3, Version 12.0.0 HF4, Versions 12.1.0 through 12
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201705-3544",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 1.6,
"vendor": "f5",
"version": "12.1.2"
},
{
"model": "big-ip application security manager",
"scope": "eq",
"trust": 1.6,
"vendor": "f5",
"version": "12.1.2"
},
{
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 1.6,
"vendor": "f5",
"version": "12.1.1"
},
{
"model": "big-ip application security manager",
"scope": "eq",
"trust": 1.6,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "big-ip domain name system",
"scope": "eq",
"trust": 1.6,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "big-ip application security manager",
"scope": "eq",
"trust": 1.6,
"vendor": "f5",
"version": "11.6.1"
},
{
"model": "big-ip domain name system",
"scope": "eq",
"trust": 1.6,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "big-ip domain name system",
"scope": "eq",
"trust": 1.6,
"vendor": "f5",
"version": "12.1.1"
},
{
"model": "big-ip application security manager",
"scope": "eq",
"trust": 1.6,
"vendor": "f5",
"version": "12.1.1"
},
{
"model": "big-ip application security manager",
"scope": "eq",
"trust": 1.6,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "big-ip analytics",
"scope": null,
"trust": 1.4,
"vendor": "f5",
"version": null
},
{
"model": "big-ip link controller",
"scope": null,
"trust": 1.4,
"vendor": "f5",
"version": null
},
{
"model": "big-ip edge gateway",
"scope": null,
"trust": 1.4,
"vendor": "f5",
"version": null
},
{
"model": "big-ip access policy manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.2"
},
{
"model": "big-ip application acceleration manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.2"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.2"
},
{
"model": "big-ip policy enforcement manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "big-ip websafe",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "big-ip policy enforcement manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.6.1"
},
{
"model": "big-ip policy enforcement manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.1"
},
{
"model": "big-ip policy enforcement manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "big-ip websafe",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.6.1"
},
{
"model": "big-ip websafe",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.1"
},
{
"model": "big-ip websafe",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.2"
},
{
"model": "big-ip domain name system",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.2"
},
{
"model": "big-ip advanced firewall manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "big-ip global traffic manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.6.1"
},
{
"model": "big-ip advanced firewall manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.6.1"
},
{
"model": "big-ip advanced firewall manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.1"
},
{
"model": "big-ip access policy manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "big-ip advanced firewall manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "big-ip access policy manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.6.1"
},
{
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "big-ip access policy manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.1"
},
{
"model": "big-ip access policy manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.6.1"
},
{
"model": "big-ip application acceleration manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "big-ip application acceleration manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.6.1"
},
{
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "big-ip application acceleration manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.6.1"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.1"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "big-ip application acceleration manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.1"
},
{
"model": "big-ip websafe",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.2"
},
{
"model": "big-ip policy enforcement manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.2"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "11.6.1"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.1"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "big-ip advanced firewall manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.2"
},
{
"model": "big-ip access policy manager",
"scope": null,
"trust": 0.8,
"vendor": "f5",
"version": null
},
{
"model": "big-ip advanced firewall manager",
"scope": null,
"trust": 0.8,
"vendor": "f5",
"version": null
},
{
"model": "big-ip application acceleration manager",
"scope": null,
"trust": 0.8,
"vendor": "f5",
"version": null
},
{
"model": "big-ip application security manager",
"scope": null,
"trust": 0.8,
"vendor": "f5",
"version": null
},
{
"model": "big-ip domain name system",
"scope": null,
"trust": 0.8,
"vendor": "f5",
"version": null
},
{
"model": "big-ip global traffic manager",
"scope": null,
"trust": 0.8,
"vendor": "f5",
"version": null
},
{
"model": "big-ip local traffic manager",
"scope": null,
"trust": 0.8,
"vendor": "f5",
"version": null
},
{
"model": "big-ip policy enforcement manager",
"scope": null,
"trust": 0.8,
"vendor": "f5",
"version": null
},
{
"model": "big-ip websafe",
"scope": null,
"trust": 0.8,
"vendor": "f5",
"version": null
},
{
"model": "big-ip aam",
"scope": null,
"trust": 0.6,
"vendor": "f5",
"version": null
},
{
"model": "big-ip ltm",
"scope": null,
"trust": 0.6,
"vendor": "f5",
"version": null
},
{
"model": "big-ip afm",
"scope": null,
"trust": 0.6,
"vendor": "f5",
"version": null
},
{
"model": "big-ip apm",
"scope": null,
"trust": 0.6,
"vendor": "f5",
"version": null
},
{
"model": "big-ip asm",
"scope": null,
"trust": 0.6,
"vendor": "f5",
"version": null
},
{
"model": "big-ip webaccelerator",
"scope": null,
"trust": 0.6,
"vendor": "f5",
"version": null
},
{
"model": "big-ip dns",
"scope": null,
"trust": 0.6,
"vendor": "f5",
"version": null
},
{
"model": "big-ip psm",
"scope": null,
"trust": 0.6,
"vendor": "f5",
"version": null
},
{
"model": "big-ip pem",
"scope": null,
"trust": 0.6,
"vendor": "f5",
"version": null
},
{
"model": "big-ip websafe hf1",
"scope": "eq",
"trust": 0.6,
"vendor": "f5",
"version": "11.6.1"
},
{
"model": "big-ip websafe hf3",
"scope": "eq",
"trust": 0.6,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "big-ip websafe hf4",
"scope": "eq",
"trust": 0.6,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "big-ip websafe",
"scope": "gte",
"trust": 0.6,
"vendor": "f5",
"version": "12.1.0\u003c=12.1.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06372"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003996"
},
{
"db": "NVD",
"id": "CVE-2017-6137"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-783"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:12.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:12.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:12.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:12.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:11.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:12.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:11.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:12.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:12.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:12.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:12.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:12.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:12.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:12.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:12.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:12.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:12.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:12.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:11.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:12.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_websafe:12.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_websafe:12.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_websafe:11.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_websafe:12.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_websafe:12.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6137"
}
]
},
"cve": "CVE-2017-6137",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-6137",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-06372",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-114340",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-6137",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-6137",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-06372",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-783",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-114340",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06372"
},
{
"db": "VULHUB",
"id": "VHN-114340"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003996"
},
{
"db": "NVD",
"id": "CVE-2017-6137"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-783"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, and WebSafe 11.6.1 HF1, 12.0.0 HF3, 12.0.0 HF4, and 12.1.0 through 12.1.2, undisclosed traffic patterns received while software SYN cookie protection is engaged may cause a disruption of service to the Traffic Management Microkernel (TMM) on specific platforms and configurations. plural F5 BIG-IP Product Contains an access control vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5BIG-IP is a load balancer that uses a variety of allocation algorithms to distribute network requests to available servers in a server cluster. By managing incoming web data traffic and increasing effective network bandwidth, network visitors get as much as possible. The hardware device for the best networking experience. A F5BIG-IPTCP packet has a denial of service vulnerability that remote users can use to send a specially crafted sequence of packets, causing the target traffic management microkernel (TMM) to be interrupted. F5 BIG-IP LTM, etc. are all products of F5 Company in the United States. LTM is a local traffic manager; APM is a solution that provides secure unified access to business-critical applications and networks. Security flaws exist in several F5 products. An attacker could exploit this vulnerability to compromise services used by the Traffic Management Microkernel (TMM). The following products and versions are affected: F5 BIG-IP LTM Release 11.6.1 HF1, Release 12.0.0 HF3, Release 12.0.0 HF4, Release 12.1.0 through Release 12.1.2; BIG-IP AAM Release 11.6.1 HF1, 12.0.0 HF3 release, 12.0.0 HF4 release, 12.1.0 to 12.1.2 release; BIG-IP AFM 11.6.1 HF1 release, 12.0.0 HF3 release, 12.0.0 HF4 release, 12.1.0 to 12.1 release .2 releases; BIG-IP Analytics 11.6.1 HF1 release, 12.0.0 HF3 release, 12.0.0 HF4 release, 12.1.0 through 12.1.2 releases; BIG-IP APM 11.6.1 HF1 release, 12.0.0 HF3 release Version, version 12.0.0 HF4, version 12.1.0 to version 12.1.2; BIG-IP ASM version 11.6.1 HF1, version 12.0.0 HF3, version 12.0.0 HF4, version 12.1.0 to version 12.1.2; BIG-IP DNS Version 12.0.0 HF3, Version 12.0.0 HF4, Versions 12.1.0 to 12.1.2; BIG-IP GTM Version 11.6.1 HF1; BIG-IP Link Controller Version 11.6.1 HF1, Version 12.0.0 HF3 release, 12.0.0 HF4 release, 12.1.0 to 12.1.2 release; BIG-IP PEM 11.6.1 HF1 release, 12.0.0 HF3 release, 12.0.0 HF4 release, 12.1.0 to 12.1.2 release ; BIG-IP WebSafe Version 11.6.1 HF1, Version 12.0.0 HF3, Version 12.0.0 HF4, Versions 12.1.0 through 12",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6137"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003996"
},
{
"db": "CNVD",
"id": "CNVD-2017-06372"
},
{
"db": "VULHUB",
"id": "VHN-114340"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6137",
"trust": 3.1
},
{
"db": "SECTRACK",
"id": "1038409",
"trust": 2.3
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003996",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201702-783",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-06372",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-114340",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06372"
},
{
"db": "VULHUB",
"id": "VHN-114340"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003996"
},
{
"db": "NVD",
"id": "CVE-2017-6137"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-783"
}
]
},
"id": "VAR-201705-3544",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06372"
},
{
"db": "VULHUB",
"id": "VHN-114340"
}
],
"trust": 1.12026261
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06372"
}
]
},
"last_update_date": "2023-12-18T13:39:00.253000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "K82851041: TMM vulnerability CVE-2017-6137",
"trust": 0.8,
"url": "https://support.f5.com/csp/article/k82851041"
},
{
"title": "F5BIG-IPTCP Packet Denial of Service Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/93431"
},
{
"title": "Multiple F5 Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99651"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06372"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003996"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-783"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114340"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003996"
},
{
"db": "NVD",
"id": "CVE-2017-6137"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://support.f5.com/csp/article/k82851041"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1038409"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6137"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6137"
},
{
"trust": 0.6,
"url": "http://securitytracker.com/id/1038409"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06372"
},
{
"db": "VULHUB",
"id": "VHN-114340"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003996"
},
{
"db": "NVD",
"id": "CVE-2017-6137"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-783"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-06372"
},
{
"db": "VULHUB",
"id": "VHN-114340"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003996"
},
{
"db": "NVD",
"id": "CVE-2017-6137"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-783"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-06372"
},
{
"date": "2017-05-09T00:00:00",
"db": "VULHUB",
"id": "VHN-114340"
},
{
"date": "2017-06-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003996"
},
{
"date": "2017-05-09T15:29:00.407000",
"db": "NVD",
"id": "CVE-2017-6137"
},
{
"date": "2017-02-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-783"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-06372"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-114340"
},
{
"date": "2017-06-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003996"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-6137"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-783"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-783"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural F5 BIG-IP Product Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003996"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-783"
}
],
"trust": 0.6
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.