Sign-up

ID

VAR-201712-0677


CVE

CVE-2017-6151


TITLE

plural F5 BIG-IP Resource management vulnerabilities in product software

Trust: 0.8

sources: JVNDB: JVNDB-2017-011683

DESCRIPTION

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, undisclosed requests made to BIG-IP virtual servers which make use of the "HTTP/2 profile" may result in a disruption of service to TMM. plural F5 BIG-IP There is a resource management vulnerability in the product software.Service operation interruption (DoS) There is a possibility of being put into a state. Multiple F5 BIG-IP Products are prone to a denial-of-service vulnerability. Exploiting this issue allows remote attackers to cause a denial-of-service condition due to excessive memory consumption. F5 BIG-IP LTM, etc. are all products of F5 Company in the United States. F5 BIG-IP LTM is a local traffic manager; BIG-IP AAM is an application acceleration manager. An attacker could exploit this vulnerability to disrupt traffic or cause the BIG-IP to fail over to another device. The following products and versions are affected: F5 BIG-IP LTM Version 13.0.0, BIG-IP AAM Version 13.0.0, BIG-IP AFM Version 13.0.0, BIG-IP Analytics Version 13.0.0, BIG-IP APM 13.0

Trust: 1.98

sources: NVD: CVE-2017-6151 // JVNDB: JVNDB-2017-011683 // BID: 105369 // VULHUB: VHN-114354

AFFECTED PRODUCTS

vendor:f5model:big-ip access policy managerscope:eqversion:13.0.0

Trust: 2.4

vendor:f5model:big-ip analyticsscope:eqversion:13.0.0

Trust: 2.4

vendor:f5model:big-ip application security managerscope:eqversion:13.0.0

Trust: 2.4

vendor:f5model:big-ip edge gatewayscope:eqversion:13.0.0

Trust: 2.4

vendor:f5model:big-ip global traffic managerscope:eqversion:13.0.0

Trust: 2.4

vendor:f5model:big-ip link controllerscope:eqversion:13.0.0

Trust: 2.4

vendor:f5model:big-ip policy enforcement managerscope:eqversion:13.0.0

Trust: 2.4

vendor:f5model:big-ip webacceleratorscope:eqversion:13.0.0

Trust: 2.4

vendor:f5model:big-ip websafescope:eqversion:13.0.0

Trust: 2.4

vendor:f5model:big-ip advanced firewall managerscope:eqversion:13.0.0

Trust: 1.8

vendor:f5model:big-ip application acceleration managerscope:eqversion:13.0.0

Trust: 1.8

vendor:f5model:big-ip local traffic managerscope:eqversion:13.0.0

Trust: 1.8

vendor:f5model:big-ip dnsscope:eqversion:13.0.0

Trust: 1.6

vendor:f5model:big-ip domain name systemscope:eqversion:13.0.0

Trust: 0.8

vendor:f5model:big-ip websafescope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip webacceleratorscope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip pemscope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip gtmscope:eqversion:13.0.0

Trust: 0.3

vendor:f5model:big-ip edge gatewayscope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip dnsscope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip analyticsscope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip afmscope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip websafescope:neversion:13.1

Trust: 0.3

vendor:f5model:big-ip websafescope:neversion:13.0.1

Trust: 0.3

vendor:f5model:big-ip webacceleratorscope:neversion:13.1

Trust: 0.3

vendor:f5model:big-ip webacceleratorscope:neversion:13.0.1

Trust: 0.3

vendor:f5model:big-ip pemscope:neversion:13.1

Trust: 0.3

vendor:f5model:big-ip pemscope:neversion:13.0.1

Trust: 0.3

vendor:f5model:big-ip ltmscope:neversion:13.1

Trust: 0.3

vendor:f5model:big-ip ltmscope:neversion:13.0.1

Trust: 0.3

vendor:f5model:big-ip link controllerscope:neversion:13.1

Trust: 0.3

vendor:f5model:big-ip link controllerscope:neversion:13.0.1

Trust: 0.3

vendor:f5model:big-ip gtmscope:neversion:13.1

Trust: 0.3

vendor:f5model:big-ip gtmscope:neversion:13.0.1

Trust: 0.3

vendor:f5model:big-ip edge gatewayscope:neversion:13.1

Trust: 0.3

vendor:f5model:big-ip edge gatewayscope:neversion:13.0.1

Trust: 0.3

vendor:f5model:big-ip dnsscope:neversion:13.1

Trust: 0.3

vendor:f5model:big-ip dnsscope:neversion:13.0.1

Trust: 0.3

vendor:f5model:big-ip asmscope:neversion:13.1

Trust: 0.3

vendor:f5model:big-ip asmscope:neversion:13.0.1

Trust: 0.3

vendor:f5model:big-ip apmscope:neversion:13.1

Trust: 0.3

vendor:f5model:big-ip apmscope:neversion:13.0.1

Trust: 0.3

vendor:f5model:big-ip analyticsscope:neversion:13.1

Trust: 0.3

vendor:f5model:big-ip afmscope:neversion:13.1

Trust: 0.3

vendor:f5model:big-ip afmscope:neversion:13.0.1

Trust: 0.3

sources: BID: 105369 // JVNDB: JVNDB-2017-011683 // CNNVD: CNNVD-201712-834 // NVD: CVE-2017-6151

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6151
value: HIGH

Trust: 1.0

NVD: CVE-2017-6151
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201712-834
value: HIGH

Trust: 0.6

VULHUB: VHN-114354
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-6151
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114354
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6151
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114354 // JVNDB: JVNDB-2017-011683 // CNNVD: CNNVD-201712-834 // NVD: CVE-2017-6151

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-399

Trust: 0.9

sources: VULHUB: VHN-114354 // JVNDB: JVNDB-2017-011683 // NVD: CVE-2017-6151

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201712-834

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201712-834

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-011683

PATCH
title:K07369970url:https://support.f5.com/csp/article/K07369970
Trust: 0.8
title:Multiple F5 Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77287
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-011683 // 
            
            
            
            CNNVD: CNNVD-201712-834

EXTERNAL IDS
db:NVDid:CVE-2017-6151
Trust: 2.8
db:SECTRACKid:1040052
Trust: 1.7
db:JVNDBid:JVNDB-2017-011683
Trust: 0.8
db:CNNVDid:CNNVD-201712-834
Trust: 0.7
db:BIDid:105369
Trust: 0.3
db:VULHUBid:VHN-114354
Trust: 0.1
sources:
            
            
            VULHUB: VHN-114354 // 
            
            
            
            BID: 105369 // 
            
            
            
            JVNDB: JVNDB-2017-011683 // 
            
            
            
            CNNVD: CNNVD-201712-834 // 
            
            
            
            NVD: CVE-2017-6151

REFERENCES
url:https://support.f5.com/csp/article/k07369970
Trust: 2.0
url:http://www.securitytracker.com/id/1040052
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6151
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-6151
Trust: 0.8
url:http://www.f5.com/products/big-ip/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-114354 // 
            
            
            
            BID: 105369 // 
            
            
            
            JVNDB: JVNDB-2017-011683 // 
            
            
            
            CNNVD: CNNVD-201712-834 // 
            
            
            
            NVD: CVE-2017-6151

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 105369

SOURCES
db:VULHUBid:VHN-114354
db:BIDid:105369
db:JVNDBid:JVNDB-2017-011683
db:CNNVDid:CNNVD-201712-834
db:NVDid:CVE-2017-6151

LAST UPDATE DATE
2024-11-23T21:40:03.384000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-114354date:2019-10-03T00:00:00
db:BIDid:105369date:2017-12-20T00:00:00
db:JVNDBid:JVNDB-2017-011683date:2018-01-24T00:00:00
db:CNNVDid:CNNVD-201712-834date:2019-10-23T00:00:00
db:NVDid:CVE-2017-6151date:2024-11-21T03:29:08.993

SOURCES RELEASE DATE
db:VULHUBid:VHN-114354date:2017-12-21T00:00:00
db:BIDid:105369date:2017-12-20T00:00:00
db:JVNDBid:JVNDB-2017-011683date:2018-01-24T00:00:00
db:CNNVDid:CNNVD-201712-834date:2017-12-22T00:00:00
db:NVDid:CVE-2017-6151date:2017-12-21T17:29:00.637