What is the severity of CVE-2015-8099?

CVE-2015-8099 has a critical severity rating due to the potential for remote code execution.

How do I fix CVE-2015-8099?

To fix CVE-2015-8099, upgrade to F5 BIG-IP software versions 11.4.1 HF10, 11.5.4, 11.6.1, or 12.0.0 HF1 or later.

Which F5 products are impacted by CVE-2015-8099?

CVE-2015-8099 impacts various F5 products including BIG-IP LTM, APM, ASM, Analytics, and others.

Is CVE-2015-8099 being actively exploited?

Yes, CVE-2015-8099 is known to be actively exploited in the wild, making it crucial for users to apply the necessary patches.

Vulnerability/
CVE-2015-8099

medium

5.9

CWE

13/5/2016

6/8/2024

CVE-2015-8099: Input Validation

First published: Fri May 13 2016(Updated: )

F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP AAM 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP DNS 12.x before 12.0.0 HF1; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP PSM 11.3.x and 11.4.x before 11.4.1 HF10; Enterprise Manager 3.0.0 through 3.1.1; BIG-IQ Cloud and BIG-IQ Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 on the 3900, 6900, 8900, 8950, 11000, 11050, PB100 and PB200 platforms, when software SYN cookies are configured on virtual servers, allow remote attackers to cause a denial of service (High-Speed Bridge hang) via an invalid TCP segment.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
F5 BIG-IP Access Policy Manager	=11.3.0
F5 BIG-IP Access Policy Manager	=11.4.0
F5 BIG-IP Access Policy Manager	=11.4.1
F5 BIG-IP Access Policy Manager	=11.5.0
F5 BIG-IP Access Policy Manager	=11.5.1
F5 BIG-IP Access Policy Manager	=11.5.2
F5 BIG-IP Access Policy Manager	=11.5.3
F5 BIG-IP Access Policy Manager	=11.6.0
F5 BIG-IP Access Policy Manager	=12.0.0
F5 BIG-IP WAN Optimization Manager	=11.3.0
F5 BIG-IP Application Security Manager	=11.3.0
F5 BIG-IP Application Security Manager	=11.4.0
F5 BIG-IP Application Security Manager	=11.4.1
F5 BIG-IP Application Security Manager	=11.5.0
F5 BIG-IP Application Security Manager	=11.5.1
F5 BIG-IP Application Security Manager	=11.5.2
F5 BIG-IP Application Security Manager	=11.5.3
F5 BIG-IP Application Security Manager	=11.6.0
F5 BIG-IP Application Security Manager	=12.0.0
f5 big-ip link controller	=11.3.0
f5 big-ip link controller	=11.4.0
f5 big-ip link controller	=11.4.1
f5 big-ip link controller	=11.5.0
f5 big-ip link controller	=11.5.1
f5 big-ip link controller	=11.5.2
f5 big-ip link controller	=11.5.3
f5 big-ip link controller	=11.6.0
f5 big-ip link controller	=12.0.0
F5 BIG-IP Advanced Firewall Manager	=11.3.0
F5 BIG-IP Advanced Firewall Manager	=11.4.0
F5 BIG-IP Advanced Firewall Manager	=11.4.1
F5 BIG-IP Advanced Firewall Manager	=11.5.0
F5 BIG-IP Advanced Firewall Manager	=11.5.1
F5 BIG-IP Advanced Firewall Manager	=11.5.2
F5 BIG-IP Advanced Firewall Manager	=11.5.3
F5 BIG-IP Advanced Firewall Manager	=11.6.0
F5 BIG-IP Advanced Firewall Manager	=12.0.0
F5 BIG-IP Analytics	=11.3.0
F5 BIG-IP Analytics	=11.4.0
F5 BIG-IP Analytics	=11.4.1
F5 BIG-IP Analytics	=11.5.0
F5 BIG-IP Analytics	=11.5.1
F5 BIG-IP Analytics	=11.5.2
F5 BIG-IP Analytics	=11.5.3
F5 BIG-IP Analytics	=11.6.0
F5 BIG-IP Analytics	=12.0.0
F5 BIG-IP Protocol Security Manager	=11.3.0
F5 BIG-IP Protocol Security Manager	=11.4.0
F5 BIG-IP Protocol Security Manager	=11.4.1
F5 BIG-IQ Device	=4.2.0
F5 BIG-IQ Security	=4.0.0
F5 BIG-IQ Security	=4.1.0
F5 BIG-IQ Security	=4.2.0
F5 BIG-IQ Security	=4.3.0
F5 BIG-IQ Security	=4.4.0
F5 BIG-IQ Security	=4.5.0
F5 BIG-IQ Application Delivery Controller	=4.5.0
F5 BIG-IP Edge Gateway	=11.3.0
F5 BIG-IP Global Traffic Manager	=11.3.0
F5 BIG-IP Global Traffic Manager	=11.4.0
F5 BIG-IP Global Traffic Manager	=11.4.1
F5 BIG-IP Global Traffic Manager	=11.5.0
F5 BIG-IP Global Traffic Manager	=11.5.1
F5 BIG-IP Global Traffic Manager	=11.5.2
F5 BIG-IP Global Traffic Manager	=11.5.3
F5 BIG-IP Global Traffic Manager	=11.6.0
F5 BIG-IP Local Traffic Manager	=10.2.0
F5 BIG-IP Local Traffic Manager	=11.3.0
F5 BIG-IP Local Traffic Manager	=11.4.0
F5 BIG-IP Local Traffic Manager	=11.4.1
F5 BIG-IP Local Traffic Manager	=11.5.0
F5 BIG-IP Local Traffic Manager	=11.5.1
F5 BIG-IP Local Traffic Manager	=11.5.2
F5 BIG-IP Local Traffic Manager	=11.5.3
F5 BIG-IP Local Traffic Manager	=11.6.0
F5 BIG-IP Local Traffic Manager	=12.0.0
F5 BIG-IQ Cloud and Orchestration	=1.0.0
F5 BIG-IQ Cloud and Orchestration	=4.0.0
F5 BIG-IQ Cloud and Orchestration	=4.1.0
F5 BIG-IQ Cloud and Orchestration	=4.2.0
F5 BIG-IQ Cloud and Orchestration	=4.3.0
F5 BIG-IQ Cloud and Orchestration	=4.4.0
F5 BIG-IQ Cloud and Orchestration	=4.5.0
F5 BIG-IQ Centralized Management	=4.6.0
F5 BIG-IQ Device	=4.3.0
F5 BIG-IQ Device	=4.4.0
F5 BIG-IQ Device	=4.5.0
F5 BIG-IP Policy Enforcement Manager	=11.3.0
F5 BIG-IP Policy Enforcement Manager	=11.4.0
F5 BIG-IP Policy Enforcement Manager	=11.4.1
F5 BIG-IP Policy Enforcement Manager	=11.5.0
F5 BIG-IP Policy Enforcement Manager	=11.5.1
F5 BIG-IP Policy Enforcement Manager	=11.5.2
F5 BIG-IP Policy Enforcement Manager	=11.5.3
F5 BIG-IP Policy Enforcement Manager	=11.6.0
F5 BIG-IP Policy Enforcement Manager	=12.0.0
f5 big-ip domain name system	=12.0.0
f5 big-ip application acceleration manager	=11.4.0
f5 big-ip application acceleration manager	=11.4.1
f5 big-ip application acceleration manager	=11.5.0
f5 big-ip application acceleration manager	=11.5.1
f5 big-ip application acceleration manager	=11.5.2
f5 big-ip application acceleration manager	=11.5.3
f5 big-ip application acceleration manager	=11.6.0
f5 big-ip application acceleration manager	=12.0.0
F5 Enterprise Manager	=3.0.0
F5 Enterprise Manager	=3.1.0
F5 Enterprise Manager	=3.1.1
F5 BIG-IP WebAccelerator	=11.3.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-8099?
CVE-2015-8099 has a critical severity rating due to the potential for remote code execution.
How do I fix CVE-2015-8099?
To fix CVE-2015-8099, upgrade to F5 BIG-IP software versions 11.4.1 HF10, 11.5.4, 11.6.1, or 12.0.0 HF1 or later.
What are the affected versions for CVE-2015-8099?
F5 BIG-IP versions 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1 are affected by CVE-2015-8099.
Which F5 products are impacted by CVE-2015-8099?
CVE-2015-8099 impacts various F5 products including BIG-IP LTM, APM, ASM, Analytics, and others.
Is CVE-2015-8099 being actively exploited?
Yes, CVE-2015-8099 is known to be actively exploited in the wild, making it crucial for users to apply the necessary patches.

agent/type
agent/weakness
agent/author
agent/severity
agent/references
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/first-publish-date
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/f5
canonical/f5 big-ip access policy manager
version/f5 big-ip access policy manager/11.3.0
version/f5 big-ip access policy manager/11.4.0
version/f5 big-ip access policy manager/11.4.1
version/f5 big-ip access policy manager/11.5.0
version/f5 big-ip access policy manager/11.5.1
version/f5 big-ip access policy manager/11.5.2
version/f5 big-ip access policy manager/11.5.3
version/f5 big-ip access policy manager/11.6.0
version/f5 big-ip access policy manager/12.0.0
canonical/f5 big-ip wan optimization manager
version/f5 big-ip wan optimization manager/11.3.0
canonical/f5 big-ip application security manager
version/f5 big-ip application security manager/11.3.0
version/f5 big-ip application security manager/11.4.0
version/f5 big-ip application security manager/11.4.1
version/f5 big-ip application security manager/11.5.0
version/f5 big-ip application security manager/11.5.1
version/f5 big-ip application security manager/11.5.2
version/f5 big-ip application security manager/11.5.3
version/f5 big-ip application security manager/11.6.0
version/f5 big-ip application security manager/12.0.0
canonical/f5 big-ip link controller
version/f5 big-ip link controller/11.3.0
version/f5 big-ip link controller/11.4.0
version/f5 big-ip link controller/11.4.1
version/f5 big-ip link controller/11.5.0
version/f5 big-ip link controller/11.5.1
version/f5 big-ip link controller/11.5.2
version/f5 big-ip link controller/11.5.3
version/f5 big-ip link controller/11.6.0
version/f5 big-ip link controller/12.0.0
canonical/f5 big-ip advanced firewall manager
version/f5 big-ip advanced firewall manager/11.3.0
version/f5 big-ip advanced firewall manager/11.4.0
version/f5 big-ip advanced firewall manager/11.4.1
version/f5 big-ip advanced firewall manager/11.5.0
version/f5 big-ip advanced firewall manager/11.5.1
version/f5 big-ip advanced firewall manager/11.5.2
version/f5 big-ip advanced firewall manager/11.5.3
version/f5 big-ip advanced firewall manager/11.6.0
version/f5 big-ip advanced firewall manager/12.0.0
canonical/f5 big-ip analytics
version/f5 big-ip analytics/11.3.0
version/f5 big-ip analytics/11.4.0
version/f5 big-ip analytics/11.4.1
version/f5 big-ip analytics/11.5.0
version/f5 big-ip analytics/11.5.1
version/f5 big-ip analytics/11.5.2
version/f5 big-ip analytics/11.5.3
version/f5 big-ip analytics/11.6.0
version/f5 big-ip analytics/12.0.0
canonical/f5 big-ip protocol security manager
version/f5 big-ip protocol security manager/11.3.0
version/f5 big-ip protocol security manager/11.4.0
version/f5 big-ip protocol security manager/11.4.1
canonical/f5 big-iq device
version/f5 big-iq device/4.2.0
canonical/f5 big-iq security
version/f5 big-iq security/4.0.0
version/f5 big-iq security/4.1.0
version/f5 big-iq security/4.2.0
version/f5 big-iq security/4.3.0
version/f5 big-iq security/4.4.0
version/f5 big-iq security/4.5.0
canonical/f5 big-iq application delivery controller
version/f5 big-iq application delivery controller/4.5.0
canonical/f5 big-ip edge gateway
version/f5 big-ip edge gateway/11.3.0
canonical/f5 big-ip global traffic manager
version/f5 big-ip global traffic manager/11.3.0
version/f5 big-ip global traffic manager/11.4.0
version/f5 big-ip global traffic manager/11.4.1
version/f5 big-ip global traffic manager/11.5.0
version/f5 big-ip global traffic manager/11.5.1
version/f5 big-ip global traffic manager/11.5.2
version/f5 big-ip global traffic manager/11.5.3
version/f5 big-ip global traffic manager/11.6.0
canonical/f5 big-ip local traffic manager
version/f5 big-ip local traffic manager/10.2.0
version/f5 big-ip local traffic manager/11.3.0
version/f5 big-ip local traffic manager/11.4.0
version/f5 big-ip local traffic manager/11.4.1
version/f5 big-ip local traffic manager/11.5.0
version/f5 big-ip local traffic manager/11.5.1
version/f5 big-ip local traffic manager/11.5.2
version/f5 big-ip local traffic manager/11.5.3
version/f5 big-ip local traffic manager/11.6.0
version/f5 big-ip local traffic manager/12.0.0
canonical/f5 big-iq cloud and orchestration
version/f5 big-iq cloud and orchestration/1.0.0
version/f5 big-iq cloud and orchestration/4.0.0
version/f5 big-iq cloud and orchestration/4.1.0
version/f5 big-iq cloud and orchestration/4.2.0
version/f5 big-iq cloud and orchestration/4.3.0
version/f5 big-iq cloud and orchestration/4.4.0
version/f5 big-iq cloud and orchestration/4.5.0
canonical/f5 big-iq centralized management
version/f5 big-iq centralized management/4.6.0
version/f5 big-iq device/4.3.0
version/f5 big-iq device/4.4.0
version/f5 big-iq device/4.5.0
canonical/f5 big-ip policy enforcement manager
version/f5 big-ip policy enforcement manager/11.3.0
version/f5 big-ip policy enforcement manager/11.4.0
version/f5 big-ip policy enforcement manager/11.4.1
version/f5 big-ip policy enforcement manager/11.5.0
version/f5 big-ip policy enforcement manager/11.5.1
version/f5 big-ip policy enforcement manager/11.5.2
version/f5 big-ip policy enforcement manager/11.5.3
version/f5 big-ip policy enforcement manager/11.6.0
version/f5 big-ip policy enforcement manager/12.0.0
canonical/f5 big-ip domain name system
version/f5 big-ip domain name system/12.0.0
canonical/f5 big-ip application acceleration manager
version/f5 big-ip application acceleration manager/11.4.0
version/f5 big-ip application acceleration manager/11.4.1
version/f5 big-ip application acceleration manager/11.5.0
version/f5 big-ip application acceleration manager/11.5.1
version/f5 big-ip application acceleration manager/11.5.2
version/f5 big-ip application acceleration manager/11.5.3
version/f5 big-ip application acceleration manager/11.6.0
version/f5 big-ip application acceleration manager/12.0.0
canonical/f5 enterprise manager
version/f5 enterprise manager/3.0.0
version/f5 enterprise manager/3.1.0
version/f5 enterprise manager/3.1.1
canonical/f5 big-ip webaccelerator
version/f5 big-ip webaccelerator/11.3.0

CVE-2015-8099: Input Validation

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-8099?

How do I fix CVE-2015-8099?

What are the affected versions for CVE-2015-8099?

Which F5 products are impacted by CVE-2015-8099?

Is CVE-2015-8099 being actively exploited?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2015-8099?

How do I fix CVE-2015-8099?

What are the affected versions for CVE-2015-8099?

Which F5 products are impacted by CVE-2015-8099?

Is CVE-2015-8099 being actively exploited?