CVE-2013-6016: Input Validation
First published: Sat Oct 26 2013(Updated: )
The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, APM, ASM, Edge Gateway, GTM, Link Controller, and WOM 10.0.0 through 10.2.2 and 11.0.0; Analytics 11.0.0; PSM 9.4.0 through 9.4.8, 10.0.0 through 10.2.4, and 11.0.0 through 11.4.1; and WebAccelerator 9.4.0 through 9.4.8, 10.0.0 through 10.2.4, and 11.0.0 through 11.3.0 might change a TCP connection to the ESTABLISHED state before receiving the ACK packet, which allows remote attackers to cause a denial of service (SIGFPE or assertion failure and TMM restart) via unspecified vectors.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Riverbed SteelApp Traffic Manager | =10.0.0 | |
| Riverbed SteelApp Traffic Manager | =10.0.1 | |
| Riverbed SteelApp Traffic Manager | =10.1.0 | |
| Riverbed SteelApp Traffic Manager | =10.2.0 | |
| Riverbed SteelApp Traffic Manager | =10.2.1 | |
| Riverbed SteelApp Traffic Manager | =10.2.2 | |
| Riverbed SteelApp Traffic Manager | =11.0.0 | |
| F5 BIG-IP WebAccelerator | =9.4.0 | |
| F5 BIG-IP WebAccelerator | =9.4.1 | |
| F5 BIG-IP WebAccelerator | =9.4.2 | |
| F5 BIG-IP WebAccelerator | =9.4.3 | |
| F5 BIG-IP WebAccelerator | =9.4.4 | |
| F5 BIG-IP WebAccelerator | =9.4.5 | |
| F5 BIG-IP WebAccelerator | =9.4.6 | |
| F5 BIG-IP WebAccelerator | =9.4.7 | |
| F5 BIG-IP WebAccelerator | =9.4.8 | |
| F5 BIG-IP WebAccelerator | =10.0.0 | |
| F5 BIG-IP WebAccelerator | =10.0.1 | |
| F5 BIG-IP WebAccelerator | =10.1.0 | |
| F5 BIG-IP WebAccelerator | =10.2.0 | |
| F5 BIG-IP WebAccelerator | =10.2.1 | |
| F5 BIG-IP WebAccelerator | =10.2.2 | |
| F5 BIG-IP WebAccelerator | =10.2.3 | |
| F5 BIG-IP WebAccelerator | =10.2.4 | |
| F5 BIG-IP WebAccelerator | =11.0.0 | |
| F5 BIG-IP WebAccelerator | =11.1.0 | |
| F5 BIG-IP WebAccelerator | =11.2.0 | |
| F5 BIG-IP WebAccelerator | =11.2.1 | |
| F5 BIG-IP WebAccelerator | =11.3.0 | |
| Riverbed SteelApp Traffic Manager | =10.0.0 | |
| Riverbed SteelApp Traffic Manager | =10.0.1 | |
| Riverbed SteelApp Traffic Manager | =10.1.0 | |
| Riverbed SteelApp Traffic Manager | =10.2.0 | |
| Riverbed SteelApp Traffic Manager | =10.2.1 | |
| Riverbed SteelApp Traffic Manager | =10.2.2 | |
| Riverbed SteelApp Traffic Manager | =11.0.0 | |
| F5 Application Security Manager | =10.0.0 | |
| F5 Application Security Manager | =10.0.1 | |
| F5 Application Security Manager | =10.1.0 | |
| F5 Application Security Manager | =10.2.0 | |
| F5 Application Security Manager | =10.2.1 | |
| F5 Application Security Manager | =10.2.2 | |
| F5 Application Security Manager | =11.0.0 | |
| F5 Access Policy Manager | =10.1.0 | |
| F5 Access Policy Manager | =10.2.0 | |
| F5 Access Policy Manager | =10.2.1 | |
| F5 Access Policy Manager | =10.2.2 | |
| F5 Access Policy Manager | =11.0.0 | |
| Exinda WAN Optimization Suite | =10.0.0 | |
| Exinda WAN Optimization Suite | =10.0.1 | |
| Exinda WAN Optimization Suite | =10.1.0 | |
| Exinda WAN Optimization Suite | =10.2.0 | |
| Exinda WAN Optimization Suite | =10.2.1 | |
| Exinda WAN Optimization Suite | =10.2.2 | |
| Exinda WAN Optimization Suite | =11.0.0 | |
| F5 BIG-IP Edge Gateway | =10.1.0 | |
| F5 BIG-IP Edge Gateway | =10.2.0 | |
| F5 BIG-IP Edge Gateway | =10.2.1 | |
| F5 BIG-IP Edge Gateway | =10.2.2 | |
| F5 BIG-IP Edge Gateway | =11.0.0 | |
| F5 BIG-IP Protocol Security Manager | =9.4.5 | |
| F5 BIG-IP Protocol Security Manager | =9.4.6 | |
| F5 BIG-IP Protocol Security Manager | =9.4.7 | |
| F5 BIG-IP Protocol Security Manager | =9.4.8 | |
| F5 BIG-IP Protocol Security Manager | =10.0.0 | |
| F5 BIG-IP Protocol Security Manager | =10.0.1 | |
| F5 BIG-IP Protocol Security Manager | =10.1.0 | |
| F5 BIG-IP Protocol Security Manager | =10.2.0 | |
| F5 BIG-IP Protocol Security Manager | =10.2.1 | |
| F5 BIG-IP Protocol Security Manager | =10.2.2 | |
| F5 BIG-IP Protocol Security Manager | =10.2.3 | |
| F5 BIG-IP Protocol Security Manager | =10.2.4 | |
| F5 BIG-IP Protocol Security Manager | =11.0.0 | |
| F5 BIG-IP Protocol Security Manager | =11.1.0 | |
| F5 BIG-IP Protocol Security Manager | =11.2.0 | |
| F5 BIG-IP Protocol Security Manager | =11.2.1 | |
| F5 BIG-IP Protocol Security Manager | =11.3.0 | |
| F5 BIG-IP Protocol Security Manager | =11.4.0 | |
| F5 BIG-IP Protocol Security Manager | =11.4.1 | |
| F5 BIG-IP Link Controller | =10.0.0 | |
| F5 BIG-IP Link Controller | =10.0.1 | |
| F5 BIG-IP Link Controller | =10.1.0 | |
| F5 BIG-IP Link Controller | =10.2.0 | |
| F5 BIG-IP Link Controller | =10.2.1 | |
| F5 BIG-IP Link Controller | =10.2.2 | |
| F5 BIG-IP Link Controller | =11.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-6016?
CVE-2013-6016 has been classified as a high severity vulnerability due to its potential impact on affected systems.
How do I fix CVE-2013-6016?
To fix CVE-2013-6016, users should apply the latest patches and updates provided by F5 for the affected software versions.
What products are affected by CVE-2013-6016?
CVE-2013-6016 affects F5 products including BIG-IP LTM, APM, ASM, Edge Gateway, GTM, and others in specified versions.
What is the impact of exploiting CVE-2013-6016?
Exploitation of CVE-2013-6016 can allow remote attackers to execute arbitrary code or cause denial of service conditions.
Is there a workaround for CVE-2013-6016?
Temporary workarounds for CVE-2013-6016 may involve disabling specific features or limiting access to vulnerable components until a patch is applied.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/author
- agent/event
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- vendor/f5
- canonical/riverbed steelapp traffic manager
- version/riverbed steelapp traffic manager/10.0.0
- version/riverbed steelapp traffic manager/10.0.1
- version/riverbed steelapp traffic manager/10.1.0
- version/riverbed steelapp traffic manager/10.2.0
- version/riverbed steelapp traffic manager/10.2.1
- version/riverbed steelapp traffic manager/10.2.2
- version/riverbed steelapp traffic manager/11.0.0
- canonical/f5 big-ip webaccelerator
- version/f5 big-ip webaccelerator/9.4.0
- version/f5 big-ip webaccelerator/9.4.1
- version/f5 big-ip webaccelerator/9.4.2
- version/f5 big-ip webaccelerator/9.4.3
- version/f5 big-ip webaccelerator/9.4.4
- version/f5 big-ip webaccelerator/9.4.5
- version/f5 big-ip webaccelerator/9.4.6
- version/f5 big-ip webaccelerator/9.4.7
- version/f5 big-ip webaccelerator/9.4.8
- version/f5 big-ip webaccelerator/10.0.0
- version/f5 big-ip webaccelerator/10.0.1
- version/f5 big-ip webaccelerator/10.1.0
- version/f5 big-ip webaccelerator/10.2.0
- version/f5 big-ip webaccelerator/10.2.1
- version/f5 big-ip webaccelerator/10.2.2
- version/f5 big-ip webaccelerator/10.2.3
- version/f5 big-ip webaccelerator/10.2.4
- version/f5 big-ip webaccelerator/11.0.0
- version/f5 big-ip webaccelerator/11.1.0
- version/f5 big-ip webaccelerator/11.2.0
- version/f5 big-ip webaccelerator/11.2.1
- version/f5 big-ip webaccelerator/11.3.0
- canonical/f5 application security manager
- version/f5 application security manager/10.0.0
- version/f5 application security manager/10.0.1
- version/f5 application security manager/10.1.0
- version/f5 application security manager/10.2.0
- version/f5 application security manager/10.2.1
- version/f5 application security manager/10.2.2
- version/f5 application security manager/11.0.0
- canonical/f5 access policy manager
- version/f5 access policy manager/10.1.0
- version/f5 access policy manager/10.2.0
- version/f5 access policy manager/10.2.1
- version/f5 access policy manager/10.2.2
- version/f5 access policy manager/11.0.0
- canonical/exinda wan optimization suite
- version/exinda wan optimization suite/10.0.0
- version/exinda wan optimization suite/10.0.1
- version/exinda wan optimization suite/10.1.0
- version/exinda wan optimization suite/10.2.0
- version/exinda wan optimization suite/10.2.1
- version/exinda wan optimization suite/10.2.2
- version/exinda wan optimization suite/11.0.0
- canonical/f5 big-ip edge gateway
- version/f5 big-ip edge gateway/10.1.0
- version/f5 big-ip edge gateway/10.2.0
- version/f5 big-ip edge gateway/10.2.1
- version/f5 big-ip edge gateway/10.2.2
- version/f5 big-ip edge gateway/11.0.0
- canonical/f5 big-ip protocol security manager
- version/f5 big-ip protocol security manager/9.4.5
- version/f5 big-ip protocol security manager/9.4.6
- version/f5 big-ip protocol security manager/9.4.7
- version/f5 big-ip protocol security manager/9.4.8
- version/f5 big-ip protocol security manager/10.0.0
- version/f5 big-ip protocol security manager/10.0.1
- version/f5 big-ip protocol security manager/10.1.0
- version/f5 big-ip protocol security manager/10.2.0
- version/f5 big-ip protocol security manager/10.2.1
- version/f5 big-ip protocol security manager/10.2.2
- version/f5 big-ip protocol security manager/10.2.3
- version/f5 big-ip protocol security manager/10.2.4
- version/f5 big-ip protocol security manager/11.0.0
- version/f5 big-ip protocol security manager/11.1.0
- version/f5 big-ip protocol security manager/11.2.0
- version/f5 big-ip protocol security manager/11.2.1
- version/f5 big-ip protocol security manager/11.3.0
- version/f5 big-ip protocol security manager/11.4.0
- version/f5 big-ip protocol security manager/11.4.1
- canonical/f5 big-ip link controller
- version/f5 big-ip link controller/10.0.0
- version/f5 big-ip link controller/10.0.1
- version/f5 big-ip link controller/10.1.0
- version/f5 big-ip link controller/10.2.0
- version/f5 big-ip link controller/10.2.1
- version/f5 big-ip link controller/10.2.2
- version/f5 big-ip link controller/11.0.0