CVE-2019-6634

First published: Wed Jul 03 2019(Updated: )

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, a high volume of malformed analytics report requests leads to instability in restjavad process. This causes issues with both iControl REST and some portions of TMUI. The attack requires an authenticated user with any role.

Credit: f5sirt@f5.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/nvd-index
• agent/author
• agent/severity
• agent/references
• agent/type
• agent/event
• agent/last-modified-date
• agent/softwarecombine
• agent/first-publish-date
• agent/tags
• agent/description
• collector/mitre-cve
• source/MITRE
• vendor/f5
• canonical/f5 big-ip local traffic manager
• version/f5 big-ip local traffic manager/12.1.0
• version/f5 big-ip local traffic manager/13.0.0
• version/f5 big-ip local traffic manager/14.0.0
• version/f5 big-ip local traffic manager/14.1.0
• canonical/f5 big-ip application acceleration manager
• version/f5 big-ip application acceleration manager/12.1.0
• version/f5 big-ip application acceleration manager/13.0.0
• version/f5 big-ip application acceleration manager/14.0.0
• version/f5 big-ip application acceleration manager/14.1.0
• canonical/f5 big-ip advanced firewall manager
• version/f5 big-ip advanced firewall manager/12.1.0
• version/f5 big-ip advanced firewall manager/13.0.0
• version/f5 big-ip advanced firewall manager/14.0.0
• version/f5 big-ip advanced firewall manager/14.1.0
• canonical/f5 big-ip analytics
• version/f5 big-ip analytics/12.1.0
• version/f5 big-ip analytics/13.0.0
• version/f5 big-ip analytics/14.0.0
• version/f5 big-ip analytics/14.1.0
• canonical/f5 big-ip access policy manager
• version/f5 big-ip access policy manager/12.1.0
• version/f5 big-ip access policy manager/13.0.0
• version/f5 big-ip access policy manager/14.0.0
• version/f5 big-ip access policy manager/14.1.0
• canonical/f5 big-ip application security manager
• version/f5 big-ip application security manager/12.1.0
• version/f5 big-ip application security manager/13.0.0
• version/f5 big-ip application security manager/14.0.0
• version/f5 big-ip application security manager/14.1.0
• canonical/f5 big-ip domain name system
• version/f5 big-ip domain name system/12.1.0
• version/f5 big-ip domain name system/13.0.0
• version/f5 big-ip domain name system/14.0.0
• version/f5 big-ip domain name system/14.1.0
• canonical/f5 big-ip edge gateway
• version/f5 big-ip edge gateway/12.1.0
• version/f5 big-ip edge gateway/13.0.0
• version/f5 big-ip edge gateway/14.0.0
• version/f5 big-ip edge gateway/14.1.0
• canonical/f5 big-ip global traffic manager
• version/f5 big-ip global traffic manager/12.1.0
• version/f5 big-ip global traffic manager/13.0.0
• version/f5 big-ip global traffic manager/14.0.0
• version/f5 big-ip global traffic manager/14.1.0
• canonical/f5 big-ip link controller
• version/f5 big-ip link controller/12.1.0
• version/f5 big-ip link controller/13.0.0
• version/f5 big-ip link controller/14.0.0
• version/f5 big-ip link controller/14.1.0
• canonical/f5 big-ip policy enforcement manager
• version/f5 big-ip policy enforcement manager/12.1.0
• version/f5 big-ip policy enforcement manager/13.0.0
• version/f5 big-ip policy enforcement manager/14.0.0
• version/f5 big-ip policy enforcement manager/14.1.0
• canonical/f5 big-ip webaccelerator
• version/f5 big-ip webaccelerator/12.1.0
• version/f5 big-ip webaccelerator/13.0.0
• version/f5 big-ip webaccelerator/14.0.0
• version/f5 big-ip webaccelerator/14.1.0
• canonical/f5 big-ip fraud protection service
• version/f5 big-ip fraud protection service/12.1.0
• version/f5 big-ip fraud protection service/13.0.0
• version/f5 big-ip fraud protection service/14.0.0
• version/f5 big-ip fraud protection service/14.1.0