CVE-2018-5530

Summary

F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.1 virtual servers with HTTP/2 profiles enabled are vulnerable to "HPACK Bomb".

Affected Software

VendorProductVersion RangeStatus
F5 Networks, Inc.BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, Edge Gateway, PEM, WebSafe)13.0.0-13.1.0.5affected
F5 Networks, Inc.BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, Edge Gateway, PEM, WebSafe)12.1.0-12.1.3.5affected
F5 Networks, Inc.BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, Edge Gateway, PEM, WebSafe)11.6.0-11.6.3.1affected

Weaknesses

  • DoS

ADP Enrichment

CVE Program Container

Additional References

References