Details of VAR-201606-0261

ID

VAR-201606-0261

CVE

CVE-2016-4545

TITLE

F5 BIG-IP Service disruption in virtual servers (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-003044

DESCRIPTION

Virtual servers in F5 BIG-IP 11.5.4, when SSL profiles are enabled, allow remote attackers to cause a denial of service (resource consumption and Traffic Management Microkernel restart) via an SSL alert during the handshake. BIG-IP SSL is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause excessive resource consumption, resulting in a denial-of-service condition. F5 BIG-IP Analytics and others are products of F5 Corporation of the United States. F5 BIG-IP Analytics is a suite of web application performance analysis software. APM is a set of solutions that provide secure and unified access to business-critical applications and networks. LTM is a local traffic manager. A security vulnerability exists in the Virtual Server of several F5 BIG-IP products. The following products and versions are affected: F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, PEM version 11.5.4

Trust: 1.98

sources: NVD: CVE-2016-4545 // JVNDB: JVNDB-2016-003044 // BID: 91016 // VULHUB: VHN-93364

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.5.4	Trust: 2.4
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.5.4	Trust: 2.4
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.5.4	Trust: 2.4
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.5.4	Trust: 2.4
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.5.4	Trust: 2.4
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.5.4	Trust: 2.4
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.5.4	Trust: 2.4
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.4	Trust: 2.4
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.5.4	Trust: 2.4

sources: JVNDB: JVNDB-2016-003044 // CNNVD: CNNVD-201606-153 // NVD: CVE-2016-4545

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-4545
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-4545
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201606-153
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-93364
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-4545
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-93364
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-4545
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-93364 // JVNDB: JVNDB-2016-003044 // CNNVD: CNNVD-201606-153 // NVD: CVE-2016-4545

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-93364 // JVNDB: JVNDB-2016-003044 // NVD: CVE-2016-4545

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201606-153

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201606-153

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-003044

PATCH

title:	sol48042976: BIG-IP SSL vulnerability CVE-2016-4545	url:	https://support.f5.com/kb/en-us/solutions/public/k/48/sol48042976.html	Trust: 0.8
title:	Multiple F5 BIG-IP Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62118	Trust: 0.6

sources: JVNDB: JVNDB-2016-003044 // CNNVD: CNNVD-201606-153

EXTERNAL IDS

db:	NVD	id:	CVE-2016-4545	Trust: 2.8
db:	SECTRACK	id:	1036025	Trust: 1.7
db:	JVNDB	id:	JVNDB-2016-003044	Trust: 0.8
db:	CNNVD	id:	CNNVD-201606-153	Trust: 0.7
db:	AUSCERT	id:	ESB-2016.1428	Trust: 0.6
db:	BID	id:	91016	Trust: 0.3
db:	VULHUB	id:	VHN-93364	Trust: 0.1

sources: VULHUB: VHN-93364 // BID: 91016 // JVNDB: JVNDB-2016-003044 // CNNVD: CNNVD-201606-153 // NVD: CVE-2016-4545

REFERENCES

url:	https://support.f5.com/kb/en-us/solutions/public/k/48/sol48042976.html	Trust: 2.0
url:	http://www.securitytracker.com/id/1036025	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4545	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4545	Trust: 0.8
url:	http://www.auscert.org.au/./render.html?it=35490	Trust: 0.6
url:	http://www.f5.com/products/big-ip/	Trust: 0.3

sources: VULHUB: VHN-93364 // BID: 91016 // JVNDB: JVNDB-2016-003044 // CNNVD: CNNVD-201606-153 // NVD: CVE-2016-4545

CREDITS

The vendor reported the issue.

Trust: 0.3

sources: BID: 91016

SOURCES

db:	VULHUB	id:	VHN-93364
db:	BID	id:	91016
db:	JVNDB	id:	JVNDB-2016-003044
db:	CNNVD	id:	CNNVD-201606-153
db:	NVD	id:	CVE-2016-4545

LAST UPDATE DATE

2024-11-23T23:12:35.987000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-93364	date:	2016-06-09T00:00:00
db:	BID	id:	91016	date:	2016-07-06T14:57:00
db:	JVNDB	id:	JVNDB-2016-003044	date:	2016-06-10T00:00:00
db:	CNNVD	id:	CNNVD-201606-153	date:	2016-06-08T00:00:00
db:	NVD	id:	CVE-2016-4545	date:	2024-11-21T02:52:27.210

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-93364	date:	2016-06-07T00:00:00
db:	BID	id:	91016	date:	2016-06-03T00:00:00
db:	JVNDB	id:	JVNDB-2016-003044	date:	2016-06-10T00:00:00
db:	CNNVD	id:	CNNVD-201606-153	date:	2016-06-07T00:00:00
db:	NVD	id:	CVE-2016-4545	date:	2016-06-07T18:59:04.603