Details of VAR-201310-0399

ID

VAR-201310-0399

CVE

CVE-2013-6016

TITLE

plural F5 BIG-IP Product Traffic Management Microkernel Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-004919

DESCRIPTION

The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, APM, ASM, Edge Gateway, GTM, Link Controller, and WOM 10.0.0 through 10.2.2 and 11.0.0; Analytics 11.0.0; PSM 9.4.0 through 9.4.8, 10.0.0 through 10.2.4, and 11.0.0 through 11.4.1; and WebAccelerator 9.4.0 through 9.4.8, 10.0.0 through 10.2.4, and 11.0.0 through 11.3.0 might change a TCP connection to the ESTABLISHED state before receiving the ACK packet, which allows remote attackers to cause a denial of service (SIGFPE or assertion failure and TMM restart) via unspecified vectors. F5 BIG-IP is prone to a remote denial-of-service vulnerability. A successful exploit may allow an attacker to cause the Traffic Management Microkernel (TMM) to reload, denying service to legitimate users. Traffic Management Microkernel (TMM) is a service process running in the BIG-IP system of the US company F5 to perform traffic management. The vulnerability is caused by the fact that the BIG-IP system does not correctly transition the TCP connection to the ESTABLISHED state before receiving the ACK packet

Trust: 1.98

sources: NVD: CVE-2013-6016 // JVNDB: JVNDB-2013-004919 // BID: 63245 // VULHUB: VHN-66018

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.0.0	Trust: 2.4
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	11.0.0	Trust: 2.4
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.0.0	Trust: 1.8
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.0.0	Trust: 1.8
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	11.0.0	Trust: 1.8
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.0.0	Trust: 1.8
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.0.0	Trust: 1.8
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	10.2.1	Trust: 1.6
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	10.2.1	Trust: 1.6
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	10.2.0	Trust: 1.6
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	10.2.2	Trust: 1.6
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	10.2.2	Trust: 1.6
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	10.2.1	Trust: 1.6
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	10.2.0	Trust: 1.6
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	10.2.2	Trust: 1.6
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	10.0.0	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	9.4.7	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	10.0.1	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	9.4.7	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	10.0.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	10.1.0	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	10.1.0	Trust: 1.0
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	10.0.0	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	10.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	10.2.0	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	9.4.6	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	9.4.2	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	11.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	10.0.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	9.4.3	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	9.4.6	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	9.4.5	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	11.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	10.0.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	10.2.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	10.2.0	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	11.2.0	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	10.1.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	10.2.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	11.2.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	10.0.1	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	10.0.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	10.0.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	10.1.0	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	10.0.0	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	10.2.3	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	10.1.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	10.0.1	Trust: 1.0
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	10.0.1	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	9.4.8	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	9.4.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	10.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	10.2.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	10.0.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	10.2.3	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	9.4.1	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	9.4.8	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	10.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	10.0.1	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	10.1.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	10.2.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	9.4.4	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	9.4.5	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	10.2.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	10.1.0 to 10.2.2	Trust: 0.8
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.0.0	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	10.0.0 to 10.2.2	Trust: 0.8
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	10.1.0 to 10.2.2	Trust: 0.8
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	10.0.0 to 10.2.2	Trust: 0.8
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	10.0.0 to 10.2.2	Trust: 0.8
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	10.0.0 to 10.2.2	Trust: 0.8
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	10.0.0 to 10.2.4	Trust: 0.8
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	11.0.0 to 11.4.1	Trust: 0.8
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	9.4.5 to 9.4.8	Trust: 0.8
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	10.0.0 to 10.2.2	Trust: 0.8
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	10.0.0 to 10.2.4	Trust: 0.8
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	11.0.0 to 11.3.0	Trust: 0.8
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	9.4.0 to 9.4.8	Trust: 0.8

sources: JVNDB: JVNDB-2013-004919 // CNNVD: CNNVD-201310-532 // NVD: CVE-2013-6016

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-6016
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-6016
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201310-532
value:	HIGH
Trust: 0.6
VULHUB:	VHN-66018
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-6016
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-66018
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-66018 // JVNDB: JVNDB-2013-004919 // CNNVD: CNNVD-201310-532 // NVD: CVE-2013-6016

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-66018 // JVNDB: JVNDB-2013-004919 // NVD: CVE-2013-6016

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-532

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201310-532

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004919

PATCH

title:

SOL13233: TMM vulnerability CVE-2013-6016

url:

http://support.f5.com/kb/en-us/solutions/public/13000/200/sol13233.html

Trust: 0.8

sources: JVNDB: JVNDB-2013-004919

EXTERNAL IDS

db:	NVD	id:	CVE-2013-6016	Trust: 2.8
db:	SECUNIA	id:	55378	Trust: 1.7
db:	SECTRACK	id:	1029220	Trust: 1.1
db:	BID	id:	63245	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-004919	Trust: 0.8
db:	CNNVD	id:	CNNVD-201310-532	Trust: 0.7
db:	VULHUB	id:	VHN-66018	Trust: 0.1

sources: VULHUB: VHN-66018 // BID: 63245 // JVNDB: JVNDB-2013-004919 // CNNVD: CNNVD-201310-532 // NVD: CVE-2013-6016

REFERENCES

url:	http://support.f5.com/kb/en-us/solutions/public/13000/200/sol13233.html	Trust: 1.7
url:	http://secunia.com/advisories/55378	Trust: 1.7
url:	http://www.securitytracker.com/id/1029220	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/88166	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6016	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6016	Trust: 0.8
url:	http://www.securityfocus.com/bid/63245	Trust: 0.6
url:	http://www.f5.com/products/big-ip/	Trust: 0.3

sources: VULHUB: VHN-66018 // BID: 63245 // JVNDB: JVNDB-2013-004919 // CNNVD: CNNVD-201310-532 // NVD: CVE-2013-6016

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 63245

SOURCES

db:	VULHUB	id:	VHN-66018
db:	BID	id:	63245
db:	JVNDB	id:	JVNDB-2013-004919
db:	CNNVD	id:	CNNVD-201310-532
db:	NVD	id:	CVE-2013-6016

LAST UPDATE DATE

2024-11-23T22:35:19.174000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-66018	date:	2017-08-29T00:00:00
db:	BID	id:	63245	date:	2015-03-19T09:16:00
db:	JVNDB	id:	JVNDB-2013-004919	date:	2013-10-29T00:00:00
db:	CNNVD	id:	CNNVD-201310-532	date:	2013-10-28T00:00:00
db:	NVD	id:	CVE-2013-6016	date:	2024-11-21T01:58:37.727

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-66018	date:	2013-10-26T00:00:00
db:	BID	id:	63245	date:	2013-10-16T00:00:00
db:	JVNDB	id:	JVNDB-2013-004919	date:	2013-10-29T00:00:00
db:	CNNVD	id:	CNNVD-201310-532	date:	2013-10-23T00:00:00
db:	NVD	id:	CVE-2013-6016	date:	2013-10-26T17:55:03.527