Details of VAR-201710-0619

ID

VAR-201710-0619

CVE

CVE-2017-0303

TITLE

plural F5 BIG-IP Resource management vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-009627

DESCRIPTION

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2 and 11.5.1 to 11.6.1, under limited circumstances connections handled by a Virtual Server with an associated SOCKS profile may not be properly cleaned up, potentially leading to resource starvation. Connections may be left in the connection table which then can only be removed by restarting TMM. Over time this may lead to the BIG-IP being unable to process further connections. plural F5 BIG-IP The product contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Multiple F5 BIG-IP products are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause resource starvation, resulting in denial-of-service condition. F5 BIG-IP APM, etc. are all products of F5 Company in the United States. F5 BIG-IP APM is an access and security solution. F5 BIG-IP is an application delivery platform that integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IP PEM is a policy enforcer used in BIG-IP. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. The following products and versions are affected: F5 BIG-IP LTM Release 13.0.0, Release 12.0.0 to Release 12.1.2, Release 11.6.0 to Release 11.6.1, Release 11.5.1 to Release 11.5.4; BIG-IP AAM 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.5.1 to 11.5.4; BIG-IP AFM 13.0.0, 12.0.0 to Version 12.1.2, Version 11.6.0 to Version 11.6.1, Version 11.5.1 to Version 11.5.4; BIG-IP Analytics Version 13.0.0, Version 12.0.0 to Version 12.1.2, Version 11.6.0 to Version 11.6 .1 version, 11.5.1 to 11.5.4 version; BIG-IP APM 13.0.0 version, 12.0.0 to 12.1.2 version, 11.6.0 to 11.6.1 version, 11.5.1 to 11.5 version. 4 releases; BIG-IP ASM releases 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.5.1 to 11.5.4; BIG-IP Link Controller 13.0.0 Versions, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.5.1 to 11.5.4; BIG-IP PEM 13.0.0, 12.0.0 to 12.1.2 , 11.6.0 to 11.6.1, 11.5.1 to 11.5.4; BIG-IP DNS; 13.0.0, 12.0.0 to 12.1

Trust: 1.98

sources: NVD: CVE-2017-0303 // JVNDB: JVNDB-2017-009627 // BID: 101612 // VULHUB: VHN-99122

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.4	Trust: 1.6
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.3	Trust: 1.6
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.1	Trust: 1.6
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.6.0	Trust: 1.6
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	12.0.0	Trust: 1.6
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.5	Trust: 1.6
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.0	Trust: 1.6
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	12.1.0	Trust: 1.6
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.6.1	Trust: 1.6
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.2	Trust: 1.6
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.1.2	Trust: 1.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.1.1	Trust: 1.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.5.3	Trust: 1.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.5.2	Trust: 1.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.5.1	Trust: 1.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.1.0	Trust: 1.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.6.1	Trust: 1.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.5.5	Trust: 1.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.5.4	Trust: 1.3
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.5.5	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.5.4	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.5.5	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.5.3	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	1.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.5.5	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.5.5	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.5.4	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.5.4	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.5.3	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.5.5	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.5.4	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.5.4	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.5.3	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.5.3	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.5.3	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip advanced firewall manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application acceleration manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip link controller	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip local traffic manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip policy enforcement manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip websafe	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	11.6	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	11.5.1	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	11.5.3	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	11.5.1	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	11.5.5	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	11.5.5	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	11.5.3	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	11.5.2	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	11.5.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.6	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	11.5.3	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	11.5.2	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	11.5.1	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	13.0.0	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	11.5.5	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	11.5.3	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	11.5.2	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	11.5.1	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	11.5.5	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	11.5.5	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	11.5.3	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	11.5.2	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	11.5.1	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	11.5.0	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.5.3	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.5.2	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.5.1	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.5	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.5.5	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	11.5.3	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	11.5.2	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	11.5.1	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	11.5.5	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	11.5.5	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	11.5.3	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	11.5.2	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	11.5.1	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip websafe hf1	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip websafe hf1	scope:	ne	version:	13.0.0	Trust: 0.3
vendor:	f5	model:	big-ip pem hf1	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	ne	version:	11.6.2	Trust: 0.3
vendor:	f5	model:	big-ip pem hf1	scope:	ne	version:	13.0.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf1	scope:	ne	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf1	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	ne	version:	11.6.2	Trust: 0.3
vendor:	f5	model:	big-ip link controller hf1	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip link controller hf1	scope:	ne	version:	13.0.0	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	ne	version:	11.6.2	Trust: 0.3
vendor:	f5	model:	big-ip gtm hf1	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip dns hf1	scope:	ne	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip dns hf1	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip asm hf1	scope:	ne	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip asm hf1	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	ne	version:	11.6.2	Trust: 0.3
vendor:	f5	model:	big-ip apm hf1	scope:	ne	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip apm hf1	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	ne	version:	11.6.2	Trust: 0.3
vendor:	f5	model:	big-ip analytics hf1	scope:	ne	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip analytics hf1	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip afm hf1	scope:	ne	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip afm hf1	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	ne	version:	11.6.2	Trust: 0.3
vendor:	f5	model:	big-ip aam hf1	scope:	ne	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip aam hf1	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	ne	version:	11.6.2	Trust: 0.3

sources: BID: 101612 // JVNDB: JVNDB-2017-009627 // CNNVD: CNNVD-201801-837 // NVD: CVE-2017-0303

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-0303
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-0303
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201801-837
value:	HIGH
Trust: 0.6
VULHUB:	VHN-99122
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-0303
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-99122
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-0303
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-99122 // JVNDB: JVNDB-2017-009627 // CNNVD: CNNVD-201801-837 // NVD: CVE-2017-0303

PROBLEMTYPE DATA

problemtype:	CWE-459	Trust: 1.1
problemtype:	CWE-399	Trust: 0.9

sources: VULHUB: VHN-99122 // JVNDB: JVNDB-2017-009627 // NVD: CVE-2017-0303

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-837

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201801-837

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009627

PATCH

title:	K30201296	url:	https://support.f5.com/csp/article/K30201296	Trust: 0.8
title:	Multiple F5 Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78001	Trust: 0.6
title:	Multiple F5 Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76071	Trust: 0.6

sources: JVNDB: JVNDB-2017-009627 // CNNVD: CNNVD-201801-837

EXTERNAL IDS

db:	NVD	id:	CVE-2017-0303	Trust: 2.8
db:	BID	id:	101612	Trust: 2.0
db:	SECTRACK	id:	1039674	Trust: 1.7
db:	JVNDB	id:	JVNDB-2017-009627	Trust: 0.8
db:	CNNVD	id:	CNNVD-201801-837	Trust: 0.7
db:	VULHUB	id:	VHN-99122	Trust: 0.1

sources: VULHUB: VHN-99122 // BID: 101612 // JVNDB: JVNDB-2017-009627 // CNNVD: CNNVD-201801-837 // NVD: CVE-2017-0303

REFERENCES

url:	https://support.f5.com/csp/article/k30201296	Trust: 2.0
url:	http://www.securityfocus.com/bid/101612	Trust: 1.7
url:	http://www.securitytracker.com/id/1039674	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0303	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-0303	Trust: 0.8
url:	http://www.f5.com/products/big-ip/	Trust: 0.3

sources: VULHUB: VHN-99122 // BID: 101612 // JVNDB: JVNDB-2017-009627 // CNNVD: CNNVD-201801-837 // NVD: CVE-2017-0303

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 101612

SOURCES

db:	VULHUB	id:	VHN-99122
db:	BID	id:	101612
db:	JVNDB	id:	JVNDB-2017-009627
db:	CNNVD	id:	CNNVD-201801-837
db:	NVD	id:	CVE-2017-0303

LAST UPDATE DATE

2024-11-23T21:53:40.840000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-99122	date:	2019-10-03T00:00:00
db:	BID	id:	101612	date:	2017-12-19T21:00:00
db:	JVNDB	id:	JVNDB-2017-009627	date:	2017-11-16T00:00:00
db:	CNNVD	id:	CNNVD-201801-837	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-0303	date:	2024-11-21T03:02:43.663

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-99122	date:	2017-10-27T00:00:00
db:	BID	id:	101612	date:	2017-10-27T00:00:00
db:	JVNDB	id:	JVNDB-2017-009627	date:	2017-11-16T00:00:00
db:	CNNVD	id:	CNNVD-201801-837	date:	2018-01-23T00:00:00
db:	NVD	id:	CVE-2017-0303	date:	2017-10-27T14:29:00.233