CVE-2019-6682

Published: Dic 23, 2019 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2019-16241 Aliases: GSD-2019-6682
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
MEDIUM 4,3
Source: [email protected]
Access Vector: network
Access Complexity: medium
Authentication: none
Confidentiality: none
Integrity: none
Availability: partial

Description

AI Translation Available

On versions 15.0.0-15.0.1.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP ASM system may consume excessive resources when processing certain types of HTTP responses from the origin web server. This vulnerability is only known to affect resource-constrained systems in which the security policy is configured with response-side features, such as Data Guard or response-side learning.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0089
Percentile
0,8th
Updated

EPSS Score Trend (Last 90 Days)

400

Uncontrolled Resource Consumption

Draft
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Availability Access Control Other
Potential Impacts:
Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Dos: Resource Consumption (Other) Bypass Protection Mechanism Other
Applicable Platforms
All platforms may be affected
Likelihood of Exploit: High
View CWE Details
Application

Big-Ip Application Security Manager by F5

Product Information
Vendor F5
Product Big-Ip Application Security Manager
Version Range Affected
From 13.1.0 (inclusive)
To 13.1.3.2 (exclusive)
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Application Security Manager by F5

Product Information
Vendor F5
Product Big-Ip Application Security Manager
Version Range Affected
From 12.1.0 (inclusive)
To 12.1.5 (inclusive)
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Application Security Manager by F5

Product Information
Vendor F5
Product Big-Ip Application Security Manager
Version Range Affected
From 11.5.2 (inclusive)
To 11.6.5 (inclusive)
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Application Security Manager by F5

Product Information
Vendor F5
Product Big-Ip Application Security Manager
Version Range Affected
From 14.1.0 (inclusive)
To 14.1.2.3 (exclusive)
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Application Security Manager by F5

Product Information
Vendor F5
Product Big-Ip Application Security Manager
Version Range Affected
From 15.0.0 (inclusive)
To 15.1.0 (exclusive)
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://support.f5.com/csp/article/K40452417
Vendor Advisory
https://support.f5.com/csp/article/K40452417
https://support.f5.com/csp/article/K40452417
Vendor Advisory
https://support.f5.com/csp/article/K40452417