Vulnerabilities > CVE-2017-6155 - Unspecified vulnerability in F5 products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
f5
nessus

Summary

On F5 BIG-IP 13.0.0, 12.0.0-12.1.3.1, 11.6.0-11.6.2, 11.4.1-11.5.5, or 11.2.1, malformed SPDY or HTTP/2 requests may result in a disruption of service to TMM. Data plane is only exposed when a SPDY or HTTP/2 profile is attached to a virtual server. There is no control plane exposure.

Vulnerable Configurations

Part Description Count
Application
F5
224

Nessus

NASL familyF5 Networks Local Security Checks
NASL idF5_BIGIP_SOL10930474.NASL
descriptionMalformed SPDY or HTTP/2 requests may result in a disruption of service to TMM. Data plane is only exposed when a SPDY or HTTP/2 profile is attached to a virtual server. There is no control plane exposure. (CVE-2017-6155) Impact An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group. This vulnerability affects systems with any of the following configurations : A virtual server associated with an HTTP/2 profile Note : The HTTP/2 profile was introduced as an experimental profile in BIG-IP 11.6.0, and officially in BIG-IP 12.0.0. A virtual server associated with a SPDY profile Note : The SPDY profile was introduced in BIG-IP 11.2.0.
last seen2020-03-17
modified2018-11-02
plugin id118628
published2018-11-02
reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/118628
titleF5 Networks BIG-IP : TMM vulnerability (K10930474)