Vulnerabilities > CVE-2017-6155 - Unspecified vulnerability in F5 products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
On F5 BIG-IP 13.0.0, 12.0.0-12.1.3.1, 11.6.0-11.6.2, 11.4.1-11.5.5, or 11.2.1, malformed SPDY or HTTP/2 requests may result in a disruption of service to TMM. Data plane is only exposed when a SPDY or HTTP/2 profile is attached to a virtual server. There is no control plane exposure.
Vulnerable Configurations
Nessus
| NASL family | F5 Networks Local Security Checks |
| NASL id | F5_BIGIP_SOL10930474.NASL |
| description | Malformed SPDY or HTTP/2 requests may result in a disruption of service to TMM. Data plane is only exposed when a SPDY or HTTP/2 profile is attached to a virtual server. There is no control plane exposure. (CVE-2017-6155) Impact An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group. This vulnerability affects systems with any of the following configurations : A virtual server associated with an HTTP/2 profile Note : The HTTP/2 profile was introduced as an experimental profile in BIG-IP 11.6.0, and officially in BIG-IP 12.0.0. A virtual server associated with a SPDY profile Note : The SPDY profile was introduced in BIG-IP 11.2.0. |
| last seen | 2020-03-17 |
| modified | 2018-11-02 |
| plugin id | 118628 |
| published | 2018-11-02 |
| reporter | This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/118628 |
| title | F5 Networks BIG-IP : TMM vulnerability (K10930474) |