CVE-2024-23308

{"id": "CVE-2024-23308", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "f5sirt@f5.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-02-14T17:15:13.200", "references": [{"url": "https://my.f5.com/manage/s/article/K000137416", "tags": ["Vendor Advisory"], "source": "f5sirt@f5.com"}, {"url": "https://my.f5.com/manage/s/article/K000137416", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "f5sirt@f5.com", "description": [{"lang": "en", "value": "CWE-476"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "\nWhen a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition results from setting the Request Body Handling option in the Header-Based Content Profile for an Allowed URL with \"Apply value and content signatures and detect threat campaigns.\"\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"}, {"lang": "es", "value": "Cuando una pol\u00edtica BIG-IP Advanced WAF o BIG-IP ASM con una opci\u00f3n de Manejo del cuerpo de la solicitud se adjunta a un servidor virtual, las solicitudes no divulgadas pueden hacer que el proceso BD finalice. La condici\u00f3n resulta de configurar la opci\u00f3n Manejo del cuerpo de la solicitud en el perfil de contenido basado en encabezado para una URL permitida con \"Aplicar firmas de valor y contenido y detectar campa\u00f1as de amenazas\". Nota: Las versiones de software que han llegado al final del soporte t\u00e9cnico (EoTS) no se eval\u00faan"}], "lastModified": "2024-12-12T19:10:12.500", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F805B12C-7196-44A8-897C-4075D4B9EF5A", "versionEndExcluding": "17.1.1", "versionStartIncluding": "17.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4453B671-B10F-4B82-A41D-048B12F37EA8", "versionEndExcluding": "17.1.1", "versionStartIncluding": "17.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "f5sirt@f5.com"}