CVE-2021-23050
N/A
N/A
Summary
On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3 and NGINX App Protect on all versions before 3.5.0, when a cross-site request forgery (CSRF)-enabled policy is configured on a virtual server, an undisclosed HTML response may cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | BIG-IP Advanced WAF and BIG-IP ASM; NGINX App Protect | BIG-IP Advanced WAF and BIG-IP ASM 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3 | affected |
| n/a | BIG-IP Advanced WAF and BIG-IP ASM; NGINX App Protect | NGINX App Protect all versions before 3.5.0 | affected |
Weaknesses
- CWE-352: CWE-352
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.