Vulnerabilities > F5 > BIG IP Local Traffic Manager > 11.6.0

DATE CVE VULNERABILITY TITLE RISK
2018-07-25 CVE-2018-5537 Improper Input Validation vulnerability in F5 products
A remote attacker may be able to disrupt services on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 if the TMM virtual server is configured with a HTML or a Rewrite profile.
network
high complexity
f5 CWE-20
5.3
5.3
2018-07-25 CVE-2018-5531 Improper Input Validation vulnerability in F5 products
Through undisclosed methods, on F5 BIG-IP 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.2.1-11.5.6, adjacent network attackers can cause a denial of service for VCMP guest and host systems.
low complexity
f5 CWE-20
7.4
7.4
2018-07-25 CVE-2018-5530 Resource Exhaustion vulnerability in F5 products
F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.1 virtual servers with HTTP/2 profiles enabled are vulnerable to "HPACK Bomb".
network
low complexity
f5 CWE-400
7.5
7.5
2018-07-19 CVE-2018-5535 Improper Input Validation vulnerability in F5 products
On F5 BIG-IP 14.0.0, 13.0.0-13.1.0, 12.1.0-12.1.3, or 11.5.1-11.6.3 specifically crafted HTTP responses, when processed by a Virtual Server with an associated QoE profile that has Video enabled, may cause TMM to incorrectly buffer response data causing the TMM to restart resulting in a Denial of Service.
network
low complexity
f5 CWE-20
7.5
7.5
2018-07-19 CVE-2018-5534 Improper Input Validation vulnerability in F5 products
Under certain conditions on F5 BIG-IP 13.1.0-13.1.0.5, 13.0.0, 12.1.0-12.1.3.1, 11.6.0-11.6.3.1, or 11.5.0-11.5.6, TMM may core while processing SSL forward proxy traffic.
network
low complexity
f5 CWE-20
7.5
7.5
2018-07-19 CVE-2018-5533 Improper Input Validation vulnerability in F5 products
Under certain conditions on F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.5.0-11.5.6, TMM may core while processing SSL forward proxy traffic.
network
low complexity
f5 CWE-20
7.5
7.5
2018-07-19 CVE-2018-5532 Unspecified vulnerability in F5 products
On F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 a domain name cached within the DNS Cache of TMM may continue to be resolved by the cache even after the parent server revokes the record, if the DNS Cache is receiving a stream of requests for the cached name.
network
low complexity
f5
5.3
5.3
2018-06-01 CVE-2018-5525 Information Exposure vulnerability in F5 products
A local file vulnerability exists in the F5 BIG-IP Configuration utility on versions 13.0.0, 12.1.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 that exposes files containing F5-provided data only and do not include any configuration data, proxied traffic, or other potentially sensitive customer data.
network
low complexity
f5 CWE-200
4.3
4.3
2018-06-01 CVE-2018-5522 Improper Input Validation vulnerability in F5 products
On F5 BIG-IP 13.0.0, 12.0.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, when processing DIAMETER transactions with carefully crafted attribute-value pairs, TMM may crash.
network
high complexity
f5 CWE-20
5.9
5.9
2018-05-02 CVE-2018-5520 Incorrect Authorization vulnerability in F5 products
On an F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.2.1-11.6.3.1 system configured in Appliance mode, the TMOS Shell (tmsh) may allow an administrative user to use the dig utility to gain unauthorized access to file system resources.
network
high complexity
f5 CWE-863
4.4
4.4