Details of VAR-201511-0220

ID

VAR-201511-0220

CVE

CVE-2015-6546

TITLE

plural F5 BIG-IP Product vCMP Service disruption at the host (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-005772

DESCRIPTION

The vCMP host in F5 BIG-IP Analytics, APM, ASM, GTM, Link Controller, and LTM 11.0.0 before 11.6.0, BIG-IP AAM 11.4.0 before 11.6.0, BIG-IP AFM and PEM 11.3.0 before 11.6.0, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.0.0 through 11.3.0, BIG-IP PSM 11.0.0 through 11.4.1 allows remote attackers to cause a denial of service via "malicious traffic.". plural F5 BIG-IP Product vCMP Host has a service disruption (DoS) Vulnerabilities exist.By a third party " Malicious traffic " Through service disruption (DoS) There is a possibility of being put into a state. F5 BIG-IP Analytics and others are products of F5 Corporation of the United States. F5 BIG-IP Analytics is a suite of web application performance analysis software. APM is a set of solutions that provide secure and unified access to business-critical applications and networks. LTM is a local traffic manager. A security vulnerability exists in the vCMP host of several F5 products. A remote attacker can use malicious traffic to exploit this vulnerability to cause a denial of service

Trust: 1.71

sources: NVD: CVE-2015-6546 // JVNDB: JVNDB-2015-005772 // VULHUB: VHN-84507

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.4.0	Trust: 1.6
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.5.0	Trust: 1.6
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.5.2	Trust: 1.6
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.3	Trust: 1.6
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.1	Trust: 1.6
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.4.1	Trust: 1.6
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.0	Trust: 1.6
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.2	Trust: 1.6
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.5.3	Trust: 1.6
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.5.1	Trust: 1.6
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.5.3	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.5.3	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	11.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.2.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	11.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	11.2.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.5.3	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	11.2.0	Trust: 1.0
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	11.2.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.2.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.5.3	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	11.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.2.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	11.2.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.5.3	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.2.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.5.3	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.5.3	Trust: 1.0
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	11.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.2.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.0.0 to 11.5.3	Trust: 0.8
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.3.0 to 11.5.3	Trust: 0.8
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.0.0 to 11.5.3	Trust: 0.8
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.4.0 to 11.5.3	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.0.0 to 11.5.3	Trust: 0.8
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	11.0.0 to 11.3.0	Trust: 0.8
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.0.0 to 11.5.3	Trust: 0.8
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.0.0 to 11.5.3	Trust: 0.8
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.0.0 to 11.5.3	Trust: 0.8
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.3.0 to 11.5.3	Trust: 0.8
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	11.0.0 to 11.4.1	Trust: 0.8
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	11.0.0 to 11.3.0	Trust: 0.8
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	11.0.0 to 11.3.0	Trust: 0.8

sources: JVNDB: JVNDB-2015-005772 // CNNVD: CNNVD-201511-110 // NVD: CVE-2015-6546

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-6546
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-6546
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201511-110
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-84507
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-6546
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-84507
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-84507 // JVNDB: JVNDB-2015-005772 // CNNVD: CNNVD-201511-110 // NVD: CVE-2015-6546

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-84507 // JVNDB: JVNDB-2015-005772 // NVD: CVE-2015-6546

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201511-110

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201511-110

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005772

PATCH

title:	sol17386: vCMP DoS vulnerability CVE-2015-6546	url:	https://support.f5.com/kb/en-us/solutions/public/17000/300/sol17386.html	Trust: 0.8
title:	Multiple F5 Product denial of service vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58605	Trust: 0.6

sources: JVNDB: JVNDB-2015-005772 // CNNVD: CNNVD-201511-110

EXTERNAL IDS

db:	NVD	id:	CVE-2015-6546	Trust: 2.5
db:	SECTRACK	id:	1033952	Trust: 1.7
db:	JVNDB	id:	JVNDB-2015-005772	Trust: 0.8
db:	CNNVD	id:	CNNVD-201511-110	Trust: 0.7
db:	VULHUB	id:	VHN-84507	Trust: 0.1

sources: VULHUB: VHN-84507 // JVNDB: JVNDB-2015-005772 // CNNVD: CNNVD-201511-110 // NVD: CVE-2015-6546

REFERENCES

url:	https://support.f5.com/kb/en-us/solutions/public/17000/300/sol17386.html	Trust: 1.7
url:	http://www.securitytracker.com/id/1033952	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6546	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6546	Trust: 0.8

sources: VULHUB: VHN-84507 // JVNDB: JVNDB-2015-005772 // CNNVD: CNNVD-201511-110 // NVD: CVE-2015-6546

SOURCES

db:	VULHUB	id:	VHN-84507
db:	JVNDB	id:	JVNDB-2015-005772
db:	CNNVD	id:	CNNVD-201511-110
db:	NVD	id:	CVE-2015-6546

LAST UPDATE DATE

2024-11-23T21:54:47.849000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-84507	date:	2019-06-06T00:00:00
db:	JVNDB	id:	JVNDB-2015-005772	date:	2015-11-10T00:00:00
db:	CNNVD	id:	CNNVD-201511-110	date:	2019-06-10T00:00:00
db:	NVD	id:	CVE-2015-6546	date:	2024-11-21T02:35:11.760

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-84507	date:	2015-11-06T00:00:00
db:	JVNDB	id:	JVNDB-2015-005772	date:	2015-11-10T00:00:00
db:	CNNVD	id:	CNNVD-201511-110	date:	2015-11-09T00:00:00
db:	NVD	id:	CVE-2015-6546	date:	2015-11-06T18:59:01.847