CVE-2017-6141
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
20/10/2017
Last modified:
20/04/2025
Description
In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, and WebSafe 12.1.0 through 12.1.2, certain values in a TLS abbreviated handshake when using a client SSL profile with the Session Ticket option enabled may cause disruption of service to the Traffic Management Microkernel (TMM). The Session Ticket option is disabled by default.
Impact
Base Score 3.x
5.90
Severity 3.x
MEDIUM
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:f5:big-ip_application_security_manager:12.1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:f5:big-ip_application_security_manager:12.1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:f5:big-ip_application_security_manager:12.1.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:f5:big-ip_link_controller:12.1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:f5:big-ip_link_controller:12.1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:f5:big-ip_link_controller:12.1.2:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page