CVE-2018-5514
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
02/05/2018
Last modified:
13/06/2018
Description
On F5 BIG-IP 13.1.0-13.1.0.5, maliciously crafted HTTP/2 request frames can lead to denial of service. There is data plane exposure for virtual servers when the HTTP2 profile is enabled. There is no control plane exposure to this issue.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* | 13.1.0 (including) | 13.1.0.5 (including) |
| cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* | 13.1.0 (including) | 13.1.0.5 (including) |
| cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* | 13.1.0 (including) | 13.1.0.5 (including) |
| cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* | 13.1.0 (including) | 13.1.0.5 (including) |
| cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* | 13.1.0 (including) | 13.1.0.5 (including) |
| cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* | 13.1.0 (including) | 13.1.0.5 (including) |
| cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* | 13.1.0 (including) | 13.1.0.5 (including) |
| cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* | 13.1.0 (including) | 13.1.0.5 (including) |
| cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* | 13.1.0 (including) | 13.1.0.5 (including) |
| cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* | 13.1.0 (including) | 13.1.0.5 (including) |
| cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* | 13.1.0 (including) | 13.1.0.5 (including) |
| cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:* | 13.1.0 (including) | 13.1.0.5 (including) |
| cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* | 13.1.0 (including) | 13.1.0.5 (including) |
To consult the complete list of CPE names with products and versions, see this page