F5 BIG-IP up to 11.5.6/11.6.3.1/12.1.3.5/13.1.0.5 TMM HTML Content 拒绝服务漏洞

CVE编号

CVE-2018-5537

利用情况

暂无

补丁情况

N/A

披露时间

2018-07-26

漏洞描述

F5 BIG-IP是美国F5公司的一款集成了网络流量管理、应用程序安全管理、负载均衡等功能的多合一网络设备。
F5 BIG-IP中存在安全漏洞。在TMM虚拟机配置有HTML或Rewrite配置文件时，远程攻击者可利用该漏洞造成拒绝服务。

解决建议

目前厂商已发布升级补丁以修复漏洞，补丁获取链接：
https://support.f5.com/csp/article/K94105051

参考链接
https://support.f5.com/csp/article/K94105051

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	f5	big-ip_access_policy_manager	*	From (including) 11.2.1	Up to (including) 11.5.6
	运行在以下环境
	应用	f5	big-ip_access_policy_manager	*	From (including) 11.6.0	Up to (including) 11.6.3.1
	运行在以下环境
	应用	f5	big-ip_access_policy_manager	*	From (including) 12.1.0	Up to (including) 12.1.3.5
	运行在以下环境
	应用	f5	big-ip_access_policy_manager	*	From (including) 13.0.0	Up to (including) 13.1.0.5
	运行在以下环境
	应用	f5	big-ip_advanced_firewall_manager	*	From (including) 11.2.1	Up to (including) 11.5.6
	运行在以下环境
	应用	f5	big-ip_advanced_firewall_manager	*	From (including) 11.6.0	Up to (including) 11.6.3.1
	运行在以下环境
	应用	f5	big-ip_advanced_firewall_manager	*	From (including) 12.1.0	Up to (including) 12.1.2
	运行在以下环境
	应用	f5	big-ip_advanced_firewall_manager	*	From (including) 13.0.0	Up to (including) 13.1.0.5
	运行在以下环境
	应用	f5	big-ip_application_acceleration_manager	*	From (including) 11.2.1	Up to (including) 11.5.6
	运行在以下环境
	应用	f5	big-ip_application_acceleration_manager	*	From (including) 11.6.0	Up to (including) 11.6.3.1
	运行在以下环境
	应用	f5	big-ip_application_acceleration_manager	*	From (including) 12.1.0	Up to (including) 12.1.3.5
	运行在以下环境
	应用	f5	big-ip_application_acceleration_manager	*	From (including) 13.0.0	Up to (including) 13.1.0.5
	运行在以下环境
	应用	f5	big-ip_application_security_manager	*	From (including) 10.1.0	Up to (including) 11.5.6
	运行在以下环境
	应用	f5	big-ip_application_security_manager	*	From (including) 11.6.0	Up to (including) 11.6.3.1
	运行在以下环境
	应用	f5	big-ip_application_security_manager	*	From (including) 12.1.0	Up to (including) 12.1.3.5
	运行在以下环境
	应用	f5	big-ip_application_security_manager	*	From (including) 13.0.0	Up to (including) 13.1.0.5
	运行在以下环境
	应用	f5	big-ip_edge_gateway	*	From (including) 11.2.1	Up to (including) 11.5.6
	运行在以下环境
	应用	f5	big-ip_edge_gateway	*	From (including) 11.6.0	Up to (including) 11.6.3.1
	运行在以下环境
	应用	f5	big-ip_edge_gateway	*	From (including) 12.1.0	Up to (including) 12.1.3.5
	运行在以下环境
	应用	f5	big-ip_edge_gateway	*	From (including) 13.0.0	Up to (including) 13.1.0.5
	运行在以下环境
	应用	f5	big-ip_global_traffic_manager	*	From (including) 11.2.1	Up to (including) 11.5.6
	运行在以下环境
	应用	f5	big-ip_global_traffic_manager	*	From (including) 11.6.0	Up to (including) 11.6.3.1
	运行在以下环境
	应用	f5	big-ip_global_traffic_manager	*	From (including) 12.1.0	Up to (including) 12.1.3.5
	运行在以下环境
	应用	f5	big-ip_global_traffic_manager	*	From (including) 13.0.0	Up to (including) 13.1.0.5
	运行在以下环境
	应用	f5	big-ip_local_traffic_manager	*	From (including) 11.2.1	Up to (including) 11.5.6
	运行在以下环境
	应用	f5	big-ip_local_traffic_manager	*	From (including) 11.6.0	Up to (including) 11.6.3.1
	运行在以下环境
	应用	f5	big-ip_local_traffic_manager	*	From (including) 12.1.0	Up to (including) 12.1.3.5
	运行在以下环境
	应用	f5	big-ip_local_traffic_manager	*	From (including) 13.0.0	Up to (including) 13.1.0.5
	运行在以下环境
	应用	f5	big-ip_policy_enforcement_manager	*	From (including) 11.2.1	Up to (including) 11.5.6
	运行在以下环境
	应用	f5	big-ip_policy_enforcement_manager	*	From (including) 11.6.0	Up to (including) 11.6.3.1
	运行在以下环境
	应用	f5	big-ip_policy_enforcement_manager	*	From (including) 12.1.0	Up to (including) 12.1.3.5
	运行在以下环境
应用	f5	big-ip_policy_enforcement_manager	*	From (including) 13.0.0	Up to (including) 13.1.0.5
运行在以下环境
应用	f5	big-ip_webaccelerator	*	From (including) 11.2.1	Up to (including) 11.5.6
运行在以下环境
应用	f5	big-ip_webaccelerator	*	From (including) 11.6.0	Up to (including) 11.6.3.1
运行在以下环境
应用	f5	big-ip_webaccelerator	*	From (including) 12.1.0	Up to (including) 12.1.3.5
运行在以下环境
应用	f5	big-ip_webaccelerator	*	From (including) 13.0.0	Up to (including) 13.1.0.5
运行在以下环境
应用	f5	big-ip_websafe	*	From (including) 11.2.1	Up to (including) 11.5.6
运行在以下环境
应用	f5	big-ip_websafe	*	From (including) 11.6.1	Up to (including) 11.6.3.1
运行在以下环境
应用	f5	big-ip_websafe	*	From (including) 12.1.0	Up to (including) 12.1.3.5
运行在以下环境
应用	f5	big-ip_websafe	*	From (including) 13.0.0	Up to (including) 13.1.0.5

攻击路径网络
攻击复杂度高
权限要求无
影响范围未更改
用户交互需要
可用性高
保密性无
完整性无

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H CWE-ID 漏洞类型 CWE-20 输入验证不恰当

正文

F5 BIG-IP up to 11.5.6/11.6.3.1/12.1.3.5/13.1.0.5 TMM HTML Content 拒绝服务漏洞

漏洞描述

解决建议

参考链接

受影响软件情况

相关阅读

IBM InfoSphere Master Data Management up to 11.4.0.4 GDS 跨站脚本攻击

IBM Tivoli Federated Identity Manager up to 6.2.2 FP15 跨站脚本攻击

IBM Spectrum Protect up to 5.5/6.3.2.4/6.4.3.0/7.1.2 CAD Client Crash 拒绝服务漏洞

F5 BIG-IP 至 11.6.0 HF5 Last Hop Kernel Module 资源管理漏洞

发表评论取消回复

还没有评论，来说两句吧...

目录[+]