Details of VAR-201810-0020

ID

VAR-201810-0020

CVE

CVE-2016-7475

TITLE

BIG-IP Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-009297

DESCRIPTION

Under some circumstances on BIG-IP 12.0.0-12.1.0, 11.6.0-11.6.1, or 11.4.0-11.5.4 HF1, the Traffic Management Microkernel (TMM) may not properly clean-up pool member network connections when using SPDY or HTTP/2 virtual server profiles. BIG-IP Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5 BIG-IP is an all-in-one network device integrated with network traffic management, application security management, load balancing and other functions from F5 Corporation of the United States. Attackers can exploit this vulnerability to cause service interruption. The following versions are affected: F5 BIG-IP version 12.0.0 to 12.1.0, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4 HF1

Trust: 1.8

sources: NVD: CVE-2016-7475 // JVNDB: JVNDB-2016-009297 // VULHUB: VHN-96295 // VULMON: CVE-2016-7475

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip access policy manager	scope:	lte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	lte	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	gte	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip advanced firewall manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application acceleration manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip link controller	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip local traffic manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip policy enforcement manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip protocol security module	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	11.4.1	Trust: 0.6
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.5.4	Trust: 0.6
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	12.0.0	Trust: 0.6
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.5.5	Trust: 0.6
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.6.0	Trust: 0.6
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.6.1	Trust: 0.6
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	11.4.0	Trust: 0.6
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	12.1.0	Trust: 0.6
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.5.7	Trust: 0.6
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.5.6	Trust: 0.6

sources: JVNDB: JVNDB-2016-009297 // CNNVD: CNNVD-201810-288 // NVD: CVE-2016-7475

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-7475
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-7475
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201810-288
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-96295
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2016-7475
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-7475
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-96295
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-7475
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-96295 // VULMON: CVE-2016-7475 // JVNDB: JVNDB-2016-009297 // CNNVD: CNNVD-201810-288 // NVD: CVE-2016-7475

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-96295 // JVNDB: JVNDB-2016-009297 // NVD: CVE-2016-7475

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-288

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201810-288

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-009297

PATCH

title:	K01587042	url:	https://support.f5.com/csp/article/K01587042	Trust: 0.8
title:	F5 BIG-IP Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85482	Trust: 0.6

sources: JVNDB: JVNDB-2016-009297 // CNNVD: CNNVD-201810-288

EXTERNAL IDS

db:	NVD	id:	CVE-2016-7475	Trust: 2.6
db:	JVNDB	id:	JVNDB-2016-009297	Trust: 0.8
db:	CNNVD	id:	CNNVD-201810-288	Trust: 0.7
db:	VULHUB	id:	VHN-96295	Trust: 0.1
db:	VULMON	id:	CVE-2016-7475	Trust: 0.1

sources: VULHUB: VHN-96295 // VULMON: CVE-2016-7475 // JVNDB: JVNDB-2016-009297 // CNNVD: CNNVD-201810-288 // NVD: CVE-2016-7475

REFERENCES

url:	https://support.f5.com/csp/article/k01587042	Trust: 1.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7475	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7475	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-96295 // VULMON: CVE-2016-7475 // JVNDB: JVNDB-2016-009297 // CNNVD: CNNVD-201810-288 // NVD: CVE-2016-7475

SOURCES

db:	VULHUB	id:	VHN-96295
db:	VULMON	id:	CVE-2016-7475
db:	JVNDB	id:	JVNDB-2016-009297
db:	CNNVD	id:	CNNVD-201810-288
db:	NVD	id:	CVE-2016-7475

LAST UPDATE DATE

2024-11-23T22:06:36.379000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-96295	date:	2019-01-09T00:00:00
db:	VULMON	id:	CVE-2016-7475	date:	2019-01-09T00:00:00
db:	JVNDB	id:	JVNDB-2016-009297	date:	2019-02-18T00:00:00
db:	CNNVD	id:	CNNVD-201810-288	date:	2018-10-09T00:00:00
db:	NVD	id:	CVE-2016-7475	date:	2024-11-21T02:58:04.480

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-96295	date:	2018-10-08T00:00:00
db:	VULMON	id:	CVE-2016-7475	date:	2018-10-08T00:00:00
db:	JVNDB	id:	JVNDB-2016-009297	date:	2019-02-18T00:00:00
db:	CNNVD	id:	CNNVD-201810-288	date:	2018-10-09T00:00:00
db:	NVD	id:	CVE-2016-7475	date:	2018-10-08T19:29:00.307