K35358312 : TCP vulnerability CVE-2015-8099

2016-05-1100:00:00

my.f5.com

0.008 Low

EPSS

Percentile

81.2%

JSON

Security Advisory Description

Under limited conditions, an invalid TCP segment can lead to a Denial of Service for the High-Speed Bridge (HSB) on the following platforms: 3900, 6900, 8900, 8950, 11000, 11050, PB100 or PB200. This issue is only exposed on virtual servers while Software SYN cookies are configured for use and currently engaged. The scope of the exposure is limited to the BIG-IP data plane. The access vector is network based and authentication is not a requirement for attack. There is no control plane exposure to this issue. (CVE-2015-8099)

Note: The affected platforms do not support the Hardware SYN cookie protection feature. This feature appears in the profile configuration; however, it is not configurable for the noted platforms. For more information about SYN cookie protection, refer to K14779: Overview of BIG-IP SYN cookie protection (11.3.x - 12.x).
Impact
Invalid TCP segment can lead to a denial-of-service (DoS) for BIG-IP platforms that contain the High-Speed Bridge (HSB).

CPENameOperatorVersion
f5 websafeeq1.0.0
linerateeq2.4.0
linerateeq2.4.1
linerateeq2.4.2
linerateeq2.4.3
linerateeq2.5.0
linerateeq2.5.1
linerateeq2.5.2
linerateeq2.5.3
linerateeq2.6.0

Name	Operator	Version
f5 websafe	eq	1.0.0
linerate	eq	2.4.0
linerate	eq	2.4.1
linerate	eq	2.4.2
linerate	eq	2.4.3
linerate	eq	2.5.0
linerate	eq	2.5.1
linerate	eq	2.5.2
linerate	eq	2.5.3
linerate	eq	2.6.0

Rows per page:

1-10 of 391

0.008 Low

EPSS

Percentile

81.2%

JSON

Related for F5:K35358312