| Vulnerability Name: | CVE-2018-5514 (CCN-142677) | ||||||||||||
| Assigned: | 2018-05-02 | ||||||||||||
| Published: | 2018-05-02 | ||||||||||||
| Updated: | 2018-06-13 | ||||||||||||
| Summary: | On F5 BIG-IP 13.1.0-13.1.0.5, maliciously crafted HTTP/2 request frames can lead to denial of service. There is data plane exposure for virtual servers when the HTTP2 profile is enabled. There is no control plane exposure to this issue. | ||||||||||||
| CVSS v3 Severity: | 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
| ||||||||||||
| Vulnerability Type: | CWE-20 | ||||||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2018-5514 Source: CCN Type: SECTRACK ID: 1040804 F5 BIG-IP HTTP/2 Request Processing Flaw Lets Remote Users Cause the Target TMM Component to Crash Source: BID Type: Third Party Advisory, VDB Entry 104097 Source: CCN Type: BID-104097 F5 BIG-IP CVE-2018-5514 Remote Denial of Service Vulnerability Source: SECTRACK Type: Third Party Advisory, VDB Entry 1040804 Source: XF Type: UNKNOWN f5-cve20185514-dos(142677) Source: CCN Type: F5 Security Advisory K45320419 TMM with HTTP/2 vulnerability CVE-2018-5514 Source: CONFIRM Type: Vendor Advisory https://support.f5.com/csp/article/K45320419 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3: Configuration 4: Configuration 5: Configuration 6: Configuration 7: Configuration 8: Configuration 9: Configuration 10: Configuration 11: Configuration 12: Configuration 13: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||