Denial of service in F5 Networks products - CVE-2016-9253
Published: May 12, 2017
Vulnerability identifier: #VU6532
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Green
CVE-ID: CVE-2016-9253
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: F5 Networks
Affected software:
BIG-IP AAM
BIG-IP DNS
BIG-IP Link Controller
BIG-IP AFM
BIG-IP Analytics
BIG-IP APM
BIG-IP ASM
BIG-IP LTM
BIG-IP PEM
BIG-IP WebSafe
Detailed vulnerability description
The vulnerability allows a remote unauthenticated user to cause DoS conditions on the target system.
The weakness exists due to improper validation of user-supplied input. A remote attacker can submit specially crafted WebSocket traffic and cause the affected server to crash.
Successful exploitation of the vulnerability may result in denial of service.
How to mitigate CVE-2016-9253
Install the update from the vendor's website.