What is the severity of CVE-2019-6638?

CVE-2019-6638 is rated as a medium severity vulnerability.

How do I fix CVE-2019-6638?

To fix CVE-2019-6638, you need to upgrade to a version of BIG-IP that is above 14.1.0.6 or 14.0.0.5.

Which versions of F5 BIG-IP are affected by CVE-2019-6638?

F5 BIG-IP versions 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4 are affected by CVE-2019-6638.

What type of attack does CVE-2019-6638 allow?

CVE-2019-6638 allows an attacker to send malformed HTTP requests that can cause an infinite loop in the restjavad process.

Is there a workaround for CVE-2019-6638 if I cannot upgrade?

Currently, there are no known workarounds for CVE-2019-6638 other than upgrading to a patched version.

Vulnerability/
CVE-2019-6638

medium

6.5

CWE

835

3/7/2019

4/8/2024

CVE-2019-6638

First published: Wed Jul 03 2019(Updated: )

On BIG-IP 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, Malformed http requests made to an undisclosed iControl REST endpoint can lead to infinite loop of the restjavad process.

Credit: f5sirt@f5.com

Affected Software	Affected Version	How to fix
F5 BIG-IP Local Traffic Manager	>=14.0.0<14.0.0.5
F5 BIG-IP Local Traffic Manager	>=14.1.0<14.1.0.6
f5 big-ip application acceleration manager	>=14.0.0<14.0.0.5
f5 big-ip application acceleration manager	>=14.1.0<14.1.0.6
F5 BIG-IP Advanced Firewall Manager	>=14.0.0<14.0.0.5
F5 BIG-IP Advanced Firewall Manager	>=14.1.0<14.1.0.6
F5 BIG-IP Analytics	>=14.0.0<14.0.0.5
F5 BIG-IP Analytics	>=14.1.0<14.1.0.6
F5 BIG-IP Access Policy Manager	>=14.0.0<14.0.0.5
F5 BIG-IP Access Policy Manager	>=14.1.0<14.1.0.6
F5 BIG-IP Application Security Manager	>=14.0.0<14.0.0.5
F5 BIG-IP Application Security Manager	>=14.1.0<14.1.0.6
f5 big-ip domain name system	>=14.0.0<14.0.0.5
f5 big-ip domain name system	>=14.1.0<14.1.0.6
F5 BIG-IP Edge Gateway	>=14.0.0<14.0.0.5
F5 BIG-IP Edge Gateway	>=14.1.0<14.1.0.6
F5 BIG-IP Global Traffic Manager	>=14.0.0<14.0.0.5
F5 BIG-IP Global Traffic Manager	>=14.1.0<14.1.0.6
f5 big-ip link controller	>=14.0.0<14.0.0.5
f5 big-ip link controller	>=14.1.0<14.1.0.6
F5 BIG-IP Policy Enforcement Manager	>=14.0.0<14.0.0.5
F5 BIG-IP Policy Enforcement Manager	>=14.1.0<14.1.0.6
F5 BIG-IP WebAccelerator	>=14.0.0<14.0.0.5
F5 BIG-IP WebAccelerator	>=14.1.0<14.1.0.6
f5 big-ip fraud protection service	>=14.0.0<14.0.0.5
f5 big-ip fraud protection service	>=14.1.0<14.1.0.6

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-6638?
CVE-2019-6638 is rated as a medium severity vulnerability.
How do I fix CVE-2019-6638?
To fix CVE-2019-6638, you need to upgrade to a version of BIG-IP that is above 14.1.0.6 or 14.0.0.5.
Which versions of F5 BIG-IP are affected by CVE-2019-6638?
F5 BIG-IP versions 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4 are affected by CVE-2019-6638.
What type of attack does CVE-2019-6638 allow?
CVE-2019-6638 allows an attacker to send malformed HTTP requests that can cause an infinite loop in the restjavad process.
Is there a workaround for CVE-2019-6638 if I cannot upgrade?
Currently, there are no known workarounds for CVE-2019-6638 other than upgrading to a patched version.

agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/references
agent/weakness
agent/description
agent/last-modified-date
agent/author
agent/severity
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/f5
canonical/f5 big-ip local traffic manager
version/f5 big-ip local traffic manager/14.0.0
version/f5 big-ip local traffic manager/14.1.0
canonical/f5 big-ip application acceleration manager
version/f5 big-ip application acceleration manager/14.0.0
version/f5 big-ip application acceleration manager/14.1.0
canonical/f5 big-ip advanced firewall manager
version/f5 big-ip advanced firewall manager/14.0.0
version/f5 big-ip advanced firewall manager/14.1.0
canonical/f5 big-ip analytics
version/f5 big-ip analytics/14.0.0
version/f5 big-ip analytics/14.1.0
canonical/f5 big-ip access policy manager
version/f5 big-ip access policy manager/14.0.0
version/f5 big-ip access policy manager/14.1.0
canonical/f5 big-ip application security manager
version/f5 big-ip application security manager/14.0.0
version/f5 big-ip application security manager/14.1.0
canonical/f5 big-ip domain name system
version/f5 big-ip domain name system/14.0.0
version/f5 big-ip domain name system/14.1.0
canonical/f5 big-ip edge gateway
version/f5 big-ip edge gateway/14.0.0
version/f5 big-ip edge gateway/14.1.0
canonical/f5 big-ip global traffic manager
version/f5 big-ip global traffic manager/14.0.0
version/f5 big-ip global traffic manager/14.1.0
canonical/f5 big-ip link controller
version/f5 big-ip link controller/14.0.0
version/f5 big-ip link controller/14.1.0
canonical/f5 big-ip policy enforcement manager
version/f5 big-ip policy enforcement manager/14.0.0
version/f5 big-ip policy enforcement manager/14.1.0
canonical/f5 big-ip webaccelerator
version/f5 big-ip webaccelerator/14.0.0
version/f5 big-ip webaccelerator/14.1.0
canonical/f5 big-ip fraud protection service
version/f5 big-ip fraud protection service/14.0.0
version/f5 big-ip fraud protection service/14.1.0

CVE-2019-6638

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-6638?

How do I fix CVE-2019-6638?

Which versions of F5 BIG-IP are affected by CVE-2019-6638?

What type of attack does CVE-2019-6638 allow?

Is there a workaround for CVE-2019-6638 if I cannot upgrade?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2019-6638?

How do I fix CVE-2019-6638?

Which versions of F5 BIG-IP are affected by CVE-2019-6638?

What type of attack does CVE-2019-6638 allow?

Is there a workaround for CVE-2019-6638 if I cannot upgrade?