Vulnerabilities > F5 > BIG IP Websafe > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-10-20 CVE-2017-6141 Improper Input Validation vulnerability in F5 products
In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, and WebSafe 12.1.0 through 12.1.2, certain values in a TLS abbreviated handshake when using a client SSL profile with the Session Ticket option enabled may cause disruption of service to the Traffic Management Microkernel (TMM).
network
high complexity
f5 CWE-20
5.9
2017-09-18 CVE-2017-6147 Unspecified vulnerability in F5 products
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.1.2-HF1 and 13.0.0, an undisclosed type of responses may cause TMM to restart, causing an interruption of service when "SSL Forward Proxy" setting is enabled in both the Client and Server SSL profiles assigned to a BIG-IP Virtual Server.
network
high complexity
f5
5.9
2017-06-09 CVE-2016-7469 Cross-site Scripting vulnerability in F5 products
A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WOM and WebSafe version 12.0.0 - 12.1.2, 11.4.0 - 11.6.1, and 11.2.1 allows an authenticated user to inject arbitrary web script or HTML.
network
low complexity
f5 CWE-79
5.4
2017-05-09 CVE-2017-6137 Unspecified vulnerability in F5 products
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, and WebSafe 11.6.1 HF1, 12.0.0 HF3, 12.0.0 HF4, and 12.1.0 through 12.1.2, undisclosed traffic patterns received while software SYN cookie protection is engaged may cause a disruption of service to the Traffic Management Microkernel (TMM) on specific platforms and configurations.
network
high complexity
f5
5.9
2017-03-27 CVE-2016-7474 Information Exposure vulnerability in F5 products
In some cases the MCPD binary cache in F5 BIG-IP devices may allow a user with Advanced Shell access, or privileges to generate a qkview, to temporarily obtain normally unrecoverable information.
local
low complexity
f5 CWE-200
5.5
2017-03-07 CVE-2016-9245 Improper Access Control vulnerability in F5 products
In F5 BIG-IP systems 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart.
network
high complexity
f5 CWE-284
5.9
2017-02-20 CVE-2016-6249 Information Exposure vulnerability in F5 products
F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log.
local
low complexity
f5 CWE-200
5.3
2017-01-10 CVE-2016-9247 Improper Input Validation vulnerability in F5 products
Under certain conditions for BIG-IP systems using a virtual server with an associated FastL4 profile and TCP analytics profile, a specific sequence of packets may cause the Traffic Management Microkernel (TMM) to restart.
network
high complexity
f5 CWE-20
5.9