Medium severity5.9NVD Advisory· Published Oct 27, 2017· Updated May 13, 2026

CVE-2017-6163

Description

In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, when a virtual server uses the standard configuration of HTTP/2 or SPDY profile with Client SSL profile, and the client initiates a number of concurrent streams beyond the advertised limit can cause a disruption of service. Remote client initiating stream beyond the advertised limit can cause a disruption of service. The Traffic Management Microkernel (TMM) data plane is exposed to this issue; the control plane is not exposed.

Affected products

F5 Networks, Inc./BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSMv5
Range: 12.0.0 - 12.1.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/101606nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1039671nvdThird Party AdvisoryVDB Entry
support.f5.com/csp/article/K22541983nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.384
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000