Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-23308

Опубликовано: 14 фев. 2024
Источник: nvd
CVSS3: 7.5
EPSS Низкий

Описание

When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition results from setting the Request Body Handling option in the Header-Based Content Profile for an Allowed URL with "Apply value and content signatures and detect threat campaigns."  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*
Версия от 17.1.0 (включая) до 17.1.1 (исключая)
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
Версия от 17.1.0 (включая) до 17.1.1 (исключая)

EPSS

Процентиль: 58%
0.00362
Низкий

7.5 High

CVSS3

Дефекты

CWE-476
CWE-476

Связанные уязвимости

github логотип

GHSA-6x7g-3w67-hj7p

CVSS3: 7.5
github
почти 2 года назад

When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition results from setting the Request Body Handling option in the Header-Based Content Profile for an Allowed URL with "Apply value and content signatures and detect threat campaigns."  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

EPSS

Процентиль: 58%
0.00362
Низкий

7.5 High

CVSS3

Дефекты

CWE-476
CWE-476