Details of VAR-201907-0140

ID

VAR-201907-0140

CVE

CVE-2019-6634

TITLE

BIG-IP Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-006205

DESCRIPTION

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, a high volume of malformed analytics report requests leads to instability in restjavad process. This causes issues with both iControl REST and some portions of TMUI. The attack requires an authenticated user with any role. BIG-IP Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Multiple F5 BIG-IP Products are prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the process, denying service to legitimate users. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. Attackers can exploit this vulnerability to interrupt services by requesting a large number of malformed analysis reports

Trust: 1.98

sources: NVD: CVE-2019-6634 // JVNDB: JVNDB-2019-006205 // BID: 109104 // VULHUB: VHN-158069

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	14.1.0.6	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	14.1.0.6	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	14.0.0.5	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	12.1.4.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	14.0.0.5	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	14.0.0.5	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	12.1.4.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	14.0.0.5	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lt	version:	13.1.1.5	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	12.1.4.1	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lt	version:	12.1.4.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	14.0.0.5	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	12.1.4.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lt	version:	14.1.0.6	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	13.1.1.5	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	14.0.0.5	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	14.1.0.6	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lt	version:	14.0.0.5	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	14.0.0.5	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	13.1.1.5	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	14.0.0.5	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	13.1.1.5	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	13.1.1.5	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	13.1.1.5	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lt	version:	14.1.0.6	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	12.1.4.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	14.1.0.6	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	13.1.1.5	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	14.0.0.5	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	14.1.0.6	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	13.1.1.5	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	13.1.1.5	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lt	version:	13.1.1.5	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	13.1.1.5	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	14.1.0.6	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	13.1.1.5	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	14.0.0.5	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	14.1.0.6	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	14.1.0.6	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	12.1.4.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	12.1.4.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	13.1.1.5	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	14.1.0.6	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	14.1.0.6	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lt	version:	12.1.4.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lt	version:	14.0.0.5	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	12.1.4.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	12.1.4.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	14.0.0.5	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	14.1.0.6	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	12.1.4.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	12.1.4.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip advanced firewall manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip analytics	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application acceleration manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip domain name system	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip edge gateway	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip global traffic manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip link controller	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip local traffic manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip afm	scope:	eq	version:	14.0.0.4	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	ne	version:	14.0.0.5	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	ne	version:	14.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	14.0.0.3	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	ne	version:	14.0.0.5	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	12.1.4	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	ne	version:	12.1.4.1	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	14.0.0.3	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	14.0.0.3	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	14.1.0.1	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	13.0.1	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	13.0.1	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	ne	version:	14.0.0.5	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	13.1.1.2	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	13.0.1	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	14.0.0.4	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	12.1.4	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	14.0.0.3	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	14.0.0.4	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	14.0.0.3	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	14.1.0.2	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	14.1.0.4	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	14.1.0.2	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	13.1.1	Trust: 0.3
vendor:	f5	model:	big-ip webaccelator	scope:	ne	version:	13.1.1.5	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	13.0.0	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	14.0.0.2	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	ne	version:	13.1.1.5	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	14.0.0.3	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	14.1.0.2	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	ne	version:	13.1.1.5	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	ne	version:	12.1.4.1	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	ne	version:	14.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	13.1.1	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	ne	version:	12.1.4.1	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	14.1.0.1	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	13.0.1	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	14.1.0.2	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	14.0.0.4	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	14.1.0.1	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	14.1.0.5	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	ne	version:	14.0.0.5	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	14.1.0.1	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	14.1.0.2	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	ne	version:	13.1.1.5	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	14.0.0.3	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	14.1.0.2	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	14.0.0.3	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	14.0.0.3	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	14.1.0.5	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	14.1.0.5	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	ne	version:	13.1.1.5	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	ne	version:	14.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	ne	version:	14.0.0.5	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	14.1.0.1	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	12.1.4	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	ne	version:	12.1.4.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	14.1.0.5	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	14.1.0.5	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	14.1.0.1	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	ne	version:	13.1.1.5	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	14.1.0.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	ne	version:	14.0.0.5	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	14.1.0.2	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	14.1.0.5	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	13.0.1	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	14.0.0.3	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	14.0.0.4	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	13.1.1	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	ne	version:	14.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	12.1.4	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	14.1.0.2	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	14.1.0.3	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	13.0.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	14.1.0.1	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	14.0.0.4	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	ne	version:	14.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	14.1.0.3	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	14.1.0.5	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	14.1.0.2	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	ne	version:	13.1.1.5	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	14.1.0.5	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	ne	version:	12.1.4.1	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	ne	version:	13.1.1.5	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	ne	version:	13.1.1.5	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	12.1.4	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	14.1.0.1	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	ne	version:	14.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	13.1.1	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	ne	version:	12.1.4.1	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	13.1.1	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	13.1.1	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	14.0.0.3	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	ne	version:	14.0.0.5	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	ne	version:	12.1.4.1	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	14.1.0.1	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	ne	version:	14.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	ne	version:	12.1.4.1	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	13.1.1	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	13.1.1	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	ne	version:	14.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	14.1.0.5	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	ne	version:	13.1.1.5	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	14.0.0.3	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	ne	version:	14.0.0.5	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	13.1.1	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.1.4	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	13.0.1	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	12.1.4	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	ne	version:	14.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	ne	version:	14.0.0.5	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	12.1.4	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	14.1.0.2	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	12.1.4	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	ne	version:	12.1.4.1	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip edge-gateway	scope:	ne	version:	12.1.4.1	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	12.1.4	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	14.1.0.4	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	13.1.1	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	ne	version:	14.0.0.5	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	13.1.1	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	13.0.1	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	13.1.1	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	14.1.0.5	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	12.1.4	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	14.0.0.4	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	13.0.1	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	12.1.4	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	13.0.1	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	ne	version:	13.1.1.5	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	14.1.0.2	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	ne	version:	14.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	ne	version:	12.1.4.1	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	14.0.0.4	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	ne	version:	14.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	14.0.0.4	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	ne	version:	14.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	14.0.0.3	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	14.1.0.2	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	13.0.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	14.1.0.5	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	13.0.1	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	ne	version:	14.0.0.5	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	14.0.0.4	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	14.0.0.4	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	ne	version:	12.1.4.1	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	ne	version:	12.1.4.1	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	13.1.1	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	ne	version:	13.1.1.5	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	14.1.0.2	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	14.1.0.1	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	13.0.1	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.1.4	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	ne	version:	14.0.0.5	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	12.1.2	Trust: 0.3

sources: BID: 109104 // JVNDB: JVNDB-2019-006205 // NVD: CVE-2019-6634

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-6634
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-6634
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201907-051
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-158069
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-6634
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-158069
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-6634
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-158069 // JVNDB: JVNDB-2019-006205 // CNNVD: CNNVD-201907-051 // NVD: CVE-2019-6634

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-20	Trust: 0.9

sources: VULHUB: VHN-158069 // JVNDB: JVNDB-2019-006205 // NVD: CVE-2019-6634

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-051

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201907-051

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006205

PATCH

title:	K64855220	url:	https://support.f5.com/csp/article/K64855220	Trust: 0.8
title:	F5 BIG-IP Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94287	Trust: 0.6

sources: JVNDB: JVNDB-2019-006205 // CNNVD: CNNVD-201907-051

EXTERNAL IDS

db:	NVD	id:	CVE-2019-6634	Trust: 2.8
db:	BID	id:	109104	Trust: 2.0
db:	JVNDB	id:	JVNDB-2019-006205	Trust: 0.8
db:	CNNVD	id:	CNNVD-201907-051	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.2408	Trust: 0.6
db:	VULHUB	id:	VHN-158069	Trust: 0.1

sources: VULHUB: VHN-158069 // BID: 109104 // JVNDB: JVNDB-2019-006205 // CNNVD: CNNVD-201907-051 // NVD: CVE-2019-6634

REFERENCES

url:	https://support.f5.com/csp/article/k64855220	Trust: 2.0
url:	http://www.securityfocus.com/bid/109104	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6634	Trust: 1.4
url:	http://www.f5.com/products/big-ip/	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6634	Trust: 0.8
url:	https://support.f5.com/csp/article/k44885536	Trust: 0.6
url:	https://support.f5.com/csp/article/k20445457	Trust: 0.6
url:	https://support.f5.com/csp/article/k67825238	Trust: 0.6
url:	https://support.f5.com/csp/article/k79902360	Trust: 0.6
url:	https://support.f5.com/csp/article/k20541896	Trust: 0.6
url:	https://support.f5.com/csp/article/k22384173	Trust: 0.6
url:	https://support.f5.com/csp/article/k29149494	Trust: 0.6
url:	https://support.f5.com/csp/article/k68151373	Trust: 0.6
url:	https://support.f5.com/csp/article/k00432398	Trust: 0.6
url:	https://vigilance.fr/vulnerability/f5-big-ip-multiple-vulnerabilities-29665	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.2408/	Trust: 0.6

sources: VULHUB: VHN-158069 // BID: 109104 // JVNDB: JVNDB-2019-006205 // CNNVD: CNNVD-201907-051 // NVD: CVE-2019-6634

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 109104

SOURCES

db:	VULHUB	id:	VHN-158069
db:	BID	id:	109104
db:	JVNDB	id:	JVNDB-2019-006205
db:	CNNVD	id:	CNNVD-201907-051
db:	NVD	id:	CVE-2019-6634

LAST UPDATE DATE

2024-11-23T21:38:13.129000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-158069	date:	2020-08-24T00:00:00
db:	BID	id:	109104	date:	2019-07-02T00:00:00
db:	JVNDB	id:	JVNDB-2019-006205	date:	2019-07-12T00:00:00
db:	CNNVD	id:	CNNVD-201907-051	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-6634	date:	2024-11-21T04:46:51.067

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-158069	date:	2019-07-03T00:00:00
db:	BID	id:	109104	date:	2019-07-02T00:00:00
db:	JVNDB	id:	JVNDB-2019-006205	date:	2019-07-12T00:00:00
db:	CNNVD	id:	CNNVD-201907-051	date:	2019-07-02T00:00:00
db:	NVD	id:	CVE-2019-6634	date:	2019-07-03T19:15:13.033