On F5 BIG-IP versions 13.0.0 - 13.1.0.3, attackers may be able to disrupt services on the BIG-IP system with maliciously crafted client certificate. This vulnerability affects virtual servers associated with Client SSL profile which enables the use of client certificate authentication. Client certificate authentication is not enabled by default in Client SSL profile. There is no control plane exposure.
References
Link | Resource |
---|---|
http://www.securitytracker.com/id/1040561 | Third Party Advisory VDB Entry |
https://support.f5.com/csp/article/K43121447 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: f5
Published: 2018-03-21T00:00:00
Updated: 2018-03-23T09:57:01
Reserved: 2018-01-12T00:00:00
Link: CVE-2018-5502
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-03-22T18:29:00.510
Modified: 2018-04-20T17:04:20.017
Link: CVE-2018-5502
JSON object: View
Redhat Information
No data.
CWE