On BIG-IP versions 13.1.3.4-13.1.3.6 and 12.1.5.2, if the tmm.http.rfc.enforcement BigDB key is enabled in a BIG-IP system, or the Bad host header value is checked in the AFM HTTP security profile associated with a virtual server, in rare instances, a specific sequence of malicious requests may cause TMM to restart. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P
Vendors Products
F5
  • Big-ip Policy Enforcement Manager
  • Big-ip Advanced Web Application Firewall
  • Big-ip Analytics
  • Big-ip Access Policy Manager
  • Big-ip Ddos Hybrid Defender
  • Big-ip Link Controller
  • Big-ip Application Acceleration Manager
  • Big-ip Fraud Protection Service
  • Big-ip Domain Name System
  • Ssl Orchestrator
  • Big-ip Global Traffic Manager
  • Big-ip Advanced Firewall Manager
  • Big-ip Local Traffic Manager
  • Big-ip Application Security Manager

Configuration 1 [-]

OR cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:12.1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_analytics:12.1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_security_manager:12.1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:12.1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_domain_name_system:12.1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_fraud_protection_service:12.1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_global_traffic_manager:12.1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_link_controller:12.1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:f5:ssl_orchestrator:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:ssl_orchestrator:12.1.5.2:*:*:*:*:*:*:*
References
Link Resource
https://support.f5.com/csp/article/K34441555 Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: f5

Published: 2021-03-31T17:26:29

Updated: 2021-03-31T17:26:29

Reserved: 2021-01-06T00:00:00

Link: CVE-2021-23000

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2021-03-31T18:15:15.223

Modified: 2021-04-05T18:19:21.657

Link: CVE-2021-23000

JSON object: View

cve-icon Redhat Information

No data.

CWE