CVE-2017-0303

Опубликовано: 27 окт. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2 and 11.5.1 to 11.6.1, under limited circumstances connections handled by a Virtual Server with an associated SOCKS profile may not be properly cleaned up, potentially leading to resource starvation. Connections may be left in the connection table which then can only be removed by restarting TMM. Over time this may lead to the BIG-IP being unable to process further connections.

Ссылки

http://www.securityfocus.com/bid/101612
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039674
Third Party Advisory
VDB Entry
https://support.f5.com/csp/article/K30201296
Vendor Advisory
http://www.securityfocus.com/bid/101612
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039674
Third Party Advisory
VDB Entry
https://support.f5.com/csp/article/K30201296
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.2:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.3:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.4:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.5:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_local_traffic_manager:12.0.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.2:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_local_traffic_manager:13.0.0:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.2:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.3:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.4:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.5:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.0.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.2:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.0.0:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.2:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.3:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.4:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.5:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.0.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.2:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.0.0:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.2:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.3:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.4:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.5:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_access_policy_manager:12.0.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.2:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.0:*:*:*:*:*:*:*

Конфигурация 5

Одно из

cpe:2.3:a:f5:big-ip_application_security_manager:11.5.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_application_security_manager:11.5.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_application_security_manager:11.5.2:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_application_security_manager:11.5.3:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_application_security_manager:11.5.4:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_application_security_manager:11.5.5:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_application_security_manager:11.6.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_application_security_manager:11.6.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_application_security_manager:12.0.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_application_security_manager:12.1.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_application_security_manager:12.1.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_application_security_manager:12.1.2:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_application_security_manager:13.0.0:*:*:*:*:*:*:*

Конфигурация 6

Одно из

cpe:2.3:a:f5:big-ip_link_controller:11.5.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_link_controller:11.5.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_link_controller:11.5.2:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_link_controller:11.5.3:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_link_controller:11.5.4:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_link_controller:11.5.5:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_link_controller:11.6.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_link_controller:11.6.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_link_controller:12.0.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_link_controller:12.1.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_link_controller:12.1.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_link_controller:12.1.2:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_link_controller:13.0.0:*:*:*:*:*:*:*

Конфигурация 7

Одно из

cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.2:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.3:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.4:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.5:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.0.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.2:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.0.0:*:*:*:*:*:*:*

Конфигурация 8

cpe:2.3:a:f5:big-ip_websafe:1.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 85%

0.02438

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-459

Связанные уязвимости

GHSA-j3p8-q7hc-2x2w

CVSS3: 7.5

github

больше 3 лет назад

BDU:2017-02608

CVSS3: 7.5

fstec

больше 8 лет назад

Уязвимость прокси-сервера SOCKS средства защиты BIG-IP Websafe, системы контроля и управления сетевым трафиком BIG-IP Policy Enforcement Manager, средства защиты приложений BIG-IP Application Security Manager, системы балансировки локального трафика BIG-IP Local Traffic Manager, системы балансировки интернет-трафика BIG-IP Link Controller, средства доставки приложений BIG-IP Application Acceleration Manager, межсетевого экрана BIG-IP Advanced Firewall Manager и средства контроля доступа и удаленной аутентификации BIG-IP Access Policy Manager, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 85%

0.02438

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-459