On F5 BIG-IP 13.1.0-13.1.0.5, maliciously crafted HTTP/2 request frames can lead to denial of service. There is data plane exposure for virtual servers when the HTTP2 profile is enabled. There is no control plane exposure to this issue.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/104097 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1040804 | Third Party Advisory VDB Entry |
https://support.f5.com/csp/article/K45320419 | Vendor Advisory |
http://www.securityfocus.com/bid/104097 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1040804 | Third Party Advisory VDB Entry |
https://support.f5.com/csp/article/K45320419 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
Configuration 7 (hide)
|
Configuration 8 (hide)
|
Configuration 9 (hide)
|
Configuration 10 (hide)
|
Configuration 11 (hide)
|
Configuration 12 (hide)
|
Configuration 13 (hide)
|
History
21 Nov 2024, 04:08
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/104097 - Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id/1040804 - Third Party Advisory, VDB Entry | |
References | () https://support.f5.com/csp/article/K45320419 - Vendor Advisory |
Information
Published : 2018-05-02 13:29
Updated : 2024-11-21 04:08
NVD link : CVE-2018-5514
Mitre link : CVE-2018-5514
CVE.ORG link : CVE-2018-5514
JSON object : View
Products Affected
f5
- big-ip_application_security_manager
- big-ip_application_acceleration_manager
- big-ip_global_traffic_manager
- big-ip_policy_enforcement_manager
- big-ip_edge_gateway
- big-ip_websafe
- big-ip_link_controller
- big-ip_domain_name_system
- big-ip_local_traffic_manager
- big-ip_webaccelerator
- big-ip_advanced_firewall_manager
- big-ip_access_policy_manager
- big-ip_analytics
CWE
CWE-20
Improper Input Validation