CVE-2017-6155

Summary

On F5 BIG-IP 13.0.0, 12.0.0-12.1.3.1, 11.6.0-11.6.2, 11.4.1-11.5.5, or 11.2.1, malformed SPDY or HTTP/2 requests may result in a disruption of service to TMM. Data plane is only exposed when a SPDY or HTTP/2 profile is attached to a virtual server. There is no control plane exposure.

Affected Software

VendorProductVersion RangeStatus
F5 Networks, Inc.BIG-IP (LTM, AAM, AFM, APM, ASM, Edge Gateway, Link Controller, PEM, PSM, WebAccelerator, WebSafe)13.0.0affected
F5 Networks, Inc.BIG-IP (LTM, AAM, AFM, APM, ASM, Edge Gateway, Link Controller, PEM, PSM, WebAccelerator, WebSafe)12.0.0-12.1.3.1affected
F5 Networks, Inc.BIG-IP (LTM, AAM, AFM, APM, ASM, Edge Gateway, Link Controller, PEM, PSM, WebAccelerator, WebSafe)11.6.0-11.6.2affected
F5 Networks, Inc.BIG-IP (LTM, AAM, AFM, APM, ASM, Edge Gateway, Link Controller, PEM, PSM, WebAccelerator, WebSafe)11.4.1-11.5.5affected
F5 Networks, Inc.BIG-IP (LTM, AAM, AFM, APM, ASM, Edge Gateway, Link Controller, PEM, PSM, WebAccelerator, WebSafe)11.2.1affected

Weaknesses

  • DoS

ADP Enrichment

CVE Program Container

Additional References

References