What is the severity of CVE-2015-8240?

CVE-2015-8240 is classified as a medium severity vulnerability.

How do I fix CVE-2015-8240?

To fix CVE-2015-8240, upgrade your F5 BIG-IP software to a version above the specified vulnerable versions.

Can CVE-2015-8240 be exploited remotely?

Yes, CVE-2015-8240 can be exploited by remote attackers, which poses a risk to unpatched systems.

Vulnerability/
CVE-2015-8240

high

7.5

CWE

11/4/2016

6/8/2024

CVE-2015-8240

First published: Mon Apr 11 2016(Updated: )

The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and BIG-IP PEM before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.0 HF6 and BIG-IP PSM before 11.4.1 HF10 does not properly handle TCP options, which allows remote attackers to cause a denial of service via unspecified vectors, related to the tm.minpathmtu database variable.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
F5 BIG-IP Access Policy Manager	=11.4.1
F5 BIG-IP Access Policy Manager	=11.5.3
F5 BIG-IP Access Policy Manager	=11.6.0
F5 BIG-IP Advanced Firewall Manager	=11.4.1
F5 BIG-IP Advanced Firewall Manager	=11.5.3
F5 BIG-IP Advanced Firewall Manager	=11.6.0
F5 BIG-IP Analytics	=11.4.1
F5 BIG-IP Analytics	=11.5.3
F5 BIG-IP Analytics	=11.6.0
f5 big-ip application acceleration manager	=11.4.1
f5 big-ip application acceleration manager	=11.5.3
f5 big-ip application acceleration manager	=11.6.0
F5 BIG-IP Application Security Manager	=11.4.1
F5 BIG-IP Application Security Manager	=11.5.3
F5 BIG-IP Application Security Manager	=11.6.0
F5 BIG-IP Global Traffic Manager	=11.4.1
F5 BIG-IP Global Traffic Manager	=11.5.3
F5 BIG-IP Global Traffic Manager	=11.6.0
f5 big-ip link controller	=11.4.1
f5 big-ip link controller	=11.5.3
f5 big-ip link controller	=11.6.0
F5 BIG-IP Local Traffic Manager	=11.4.1
F5 BIG-IP Local Traffic Manager	=11.5.3
F5 BIG-IP Local Traffic Manager	=11.6.0
F5 BIG-IP Policy Enforcement Manager	=11.4.1
F5 BIG-IP Policy Enforcement Manager	=11.5.3
F5 BIG-IP Policy Enforcement Manager	=11.6.0
F5 BIG-IP Protocol Security Manager	=11.4.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-8240?
CVE-2015-8240 is classified as a medium severity vulnerability.
How do I fix CVE-2015-8240?
To fix CVE-2015-8240, upgrade your F5 BIG-IP software to a version above the specified vulnerable versions.
Which F5 BIG-IP products are affected by CVE-2015-8240?
CVE-2015-8240 affects F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and BIG-IP PEM components.
What versions of F5 BIG-IP are vulnerable to CVE-2015-8240?
F5 BIG-IP versions prior to 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.0 HF6 are vulnerable to CVE-2015-8240.
Can CVE-2015-8240 be exploited remotely?
Yes, CVE-2015-8240 can be exploited by remote attackers, which poses a risk to unpatched systems.

agent/type
agent/references
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/author
agent/severity
agent/last-modified-date
agent/weakness
agent/description
agent/event
agent/first-publish-date
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/f5
canonical/f5 big-ip access policy manager
version/f5 big-ip access policy manager/11.4.1
version/f5 big-ip access policy manager/11.5.3
version/f5 big-ip access policy manager/11.6.0
canonical/f5 big-ip advanced firewall manager
version/f5 big-ip advanced firewall manager/11.4.1
version/f5 big-ip advanced firewall manager/11.5.3
version/f5 big-ip advanced firewall manager/11.6.0
canonical/f5 big-ip analytics
version/f5 big-ip analytics/11.4.1
version/f5 big-ip analytics/11.5.3
version/f5 big-ip analytics/11.6.0
canonical/f5 big-ip application acceleration manager
version/f5 big-ip application acceleration manager/11.4.1
version/f5 big-ip application acceleration manager/11.5.3
version/f5 big-ip application acceleration manager/11.6.0
canonical/f5 big-ip application security manager
version/f5 big-ip application security manager/11.4.1
version/f5 big-ip application security manager/11.5.3
version/f5 big-ip application security manager/11.6.0
canonical/f5 big-ip global traffic manager
version/f5 big-ip global traffic manager/11.4.1
version/f5 big-ip global traffic manager/11.5.3
version/f5 big-ip global traffic manager/11.6.0
canonical/f5 big-ip link controller
version/f5 big-ip link controller/11.4.1
version/f5 big-ip link controller/11.5.3
version/f5 big-ip link controller/11.6.0
canonical/f5 big-ip local traffic manager
version/f5 big-ip local traffic manager/11.4.1
version/f5 big-ip local traffic manager/11.5.3
version/f5 big-ip local traffic manager/11.6.0
canonical/f5 big-ip policy enforcement manager
version/f5 big-ip policy enforcement manager/11.4.1
version/f5 big-ip policy enforcement manager/11.5.3
version/f5 big-ip policy enforcement manager/11.6.0
canonical/f5 big-ip protocol security manager
version/f5 big-ip protocol security manager/11.4.1

CVE-2015-8240

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-8240?

How do I fix CVE-2015-8240?

Which F5 BIG-IP products are affected by CVE-2015-8240?

What versions of F5 BIG-IP are vulnerable to CVE-2015-8240?

Can CVE-2015-8240 be exploited remotely?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2015-8240?

How do I fix CVE-2015-8240?

Which F5 BIG-IP products are affected by CVE-2015-8240?

What versions of F5 BIG-IP are vulnerable to CVE-2015-8240?

Can CVE-2015-8240 be exploited remotely?