VYPR

Big IP Pem

by F5, Inc.

CVEs (8)

  • CVE-2018-5503HigMar 22, 2018
    risk 0.49cvss 7.5epss 0.02

    On F5 BIG-IP versions 13.0.0 - 13.1.0.3 or 12.0.0 - 12.1.3.1, TMM may restart when processing a specifically crafted page through a virtual server with an associated PEM policy that has content insertion as an action.

  • CVE-2017-6144HigOct 20, 2017
    risk 0.48cvss 7.4epss 0.01

    In F5 BIG-IP PEM 12.1.0 through 12.1.2 when downloading the Type Allocation Code (TAC) database file via HTTPS, the server's certificate is not verified. Attackers in a privileged network position may be able to launch a man-in-the-middle attack against these connections. TAC…

  • CVE-2017-6169MedFeb 6, 2018
    risk 0.44cvss 6.8epss 0.01

    In versions 13.0.0, 12.0.0-12.1.3, or 11.6.0-11.6.2, an F5 BIG-IP virtual server using the URL categorization feature may cause the Traffic Management Microkernel (TMM) to produce a core file when it receives malformed URLs during categorization.

  • CVE-2017-6160MedOct 27, 2017
    risk 0.39cvss 5.9epss 0.04

    In F5 BIG-IP AAM and PEM software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.4.1 to 11.5.4, a remote attacker may create maliciously crafted HTTP request to cause Traffic Management Microkernel (TMM) to restart and temporarily fail to process traffic. This issue is exposed…

  • CVE-2018-5508MedApr 13, 2018
    risk 0.38cvss 5.9epss 0.01

    On F5 BIG-IP PEM versions 13.0.0, 12.0.0-12.1.3.1, 11.6.0-11.6.2, 11.5.1-11.5.5, or 11.2.1, under certain conditions, TMM may crash when processing compressed data though a Virtual Server with an associated PEM profile using the content insertion option.

  • CVE-2025-22891Feb 5, 2025
    risk 0.00cvss epss 0.00

    When BIG-IP PEM Control Plane listener Virtual Server is configured with Diameter Endpoint profile, undisclosed traffic can cause the Virtual Server to stop processing new client connections and an increase in memory resource utilization. Note: Software versions which have…

  • CVE-2020-5942Nov 5, 2020
    risk 0.00cvss epss 0.01

    In BIG-IP PEM versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when processing Capabilities-Exchange-Answer (CEA) packets with certain attributes from the Policy and Charging Rules Function (PCRF) server, the…

  • CVE-2019-6628Jul 3, 2019
    risk 0.00cvss epss 0.01

    On BIG-IP PEM 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, under certain conditions, the TMM process may terminate and restart while processing BIG-IP PEM traffic with the OpenVPN classifier.