K67825238 : iControl REST vulnerability CVE-2019-6638

2019-07-0100:00:00

my.f5.com

0.002 Low

EPSS

Percentile

54.4%

JSON

Security Advisory Description

Malformed http requests made to an undisclosed iControl REST endpoint can lead to infinite loop of the restjavad process. (CVE-2019-6638)

Impact

All authenticated users, regardless of role, can exploit this vulnerability, which can result in a denial-of-service (DoS) for all iControl REST operations. This impacts control plane iControl REST functionality and some portions of the Configuration utility. Data plane traffic is not impacted by this issue.

CPENameOperatorVersion
big-iq centralized managementeq5.0.0
big-iq centralized managementeq5.1.0
big-iq centralized managementeq5.2.0
big-iq centralized managementeq5.3.0
big-iq centralized managementeq5.4.0
big-iq centralized managementeq6.0.0
big-iq centralized managementeq6.0.1
big-iq centralized managementeq6.1.0
big-ip afmeq11.5.1
big-ip afmeq11.5.2

Name	Operator	Version
big-iq centralized management	eq	5.0.0
big-iq centralized management	eq	5.1.0
big-iq centralized management	eq	5.2.0
big-iq centralized management	eq	5.3.0
big-iq centralized management	eq	5.4.0
big-iq centralized management	eq	6.0.0
big-iq centralized management	eq	6.0.1
big-iq centralized management	eq	6.1.0
big-ip afm	eq	11.5.1
big-ip afm	eq	11.5.2

Rows per page:

1-10 of 2441

0.002 Low

EPSS

Percentile

54.4%

JSON

Related for F5:K67825238