{"containers": {"cna": {"affected": [{"product": "BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM", "vendor": "F5 Networks, Inc.", "versions": [{"status": "affected", "version": "12.0.0 - 12.1.2"}, {"status": "affected", "version": "11.6.0 &#xe2"}, {"status": "affected", "version": "&#x80"}, {"status": "affected", "version": "\" 11.6.1"}, {"status": "affected", "version": "11.4.0 &#xe2"}, {"status": "affected", "version": "\" 11.5.4"}]}], "datePublic": "2017-10-26T00:00:00", "descriptions": [{"lang": "en", "value": "In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, when a virtual server uses the standard configuration of HTTP/2 or SPDY profile with Client SSL profile, and the client initiates a number of concurrent streams beyond the advertised limit can cause a disruption of service. Remote client initiating stream beyond the advertised limit can cause a disruption of service. The Traffic Management Microkernel (TMM) data plane is exposed to this issue; the control plane is not exposed."}], "problemTypes": [{"descriptions": [{"description": "denial of service", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-01T09:57:01", "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "shortName": "f5"}, "references": [{"name": "1039671", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1039671"}, {"name": "101606", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/101606"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K22541983"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "f5sirt@f5.com", "DATE_PUBLIC": "2017-10-26T00:00:00", "ID": "CVE-2017-6163", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM", "version": {"version_data": [{"version_value": "12.0.0 - 12.1.2"}, {"version_value": "11.6.0 &#xe2"}, {"version_value": "&#x80"}, {"version_value": "\" 11.6.1"}, {"version_value": "11.4.0 &#xe2"}, {"version_value": "&#x80"}, {"version_value": "\" 11.5.4"}]}}]}, "vendor_name": "F5 Networks, Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, when a virtual server uses the standard configuration of HTTP/2 or SPDY profile with Client SSL profile, and the client initiates a number of concurrent streams beyond the advertised limit can cause a disruption of service. Remote client initiating stream beyond the advertised limit can cause a disruption of service. The Traffic Management Microkernel (TMM) data plane is exposed to this issue; the control plane is not exposed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "denial of service"}]}]}, "references": {"reference_data": [{"name": "1039671", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039671"}, {"name": "101606", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101606"}, {"name": "https://support.f5.com/csp/article/K22541983", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K22541983"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T15:18:49.907Z"}, "title": "CVE Program Container", "references": [{"name": "1039671", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1039671"}, {"name": "101606", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/101606"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.f5.com/csp/article/K22541983"}]}]}, "cveMetadata": {"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "assignerShortName": "f5", "cveId": "CVE-2017-6163", "datePublished": "2017-10-27T14:00:00Z", "dateReserved": "2017-02-21T00:00:00", "dateUpdated": "2024-09-16T20:37:49.159Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5D5E66B-9666-4B6D-BB8B-B640188968E9", "versionEndIncluding": "11.5.3", "versionStartIncluding": "11.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2FF5A5F6-4BA3-4276-8679-B5560EACF2E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "A2B502F2-404C-463B-B6BE-87489DC881F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "44F1E5E0-BD63-4A4A-BC4E-A1D5495F8B5C", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A82C7B1C-E195-4D94-B604-78FB464C4F81", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8F6C3144-D0DE-4248-BFCD-04A7E6104044", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0357B5ED-0600-4756-93E5-692987068596", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "DBBAEB39-4C78-483E-B60D-CE3607C65389", "versionEndIncluding": "11.5.4", "versionStartIncluding": "11.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5B40837-EC2B-41FB-ACC3-806054EAF28C", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "48BE0210-7058-462A-BA17-845D3E4F52FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3CA2FA6B-3930-432F-8FB5-E73604CEFE42", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "ECA90FB8-E2CD-400F-B753-1B482E7FAC96", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "6FEC804B-35DB-4A0C-9AEA-15527E0CC1B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "BEB228A9-0C01-4531-B2B2-38BB7B0E02E9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "26066159-46E1-4D70-A03A-EB9A167ABC92", "versionEndIncluding": "11.5.4", "versionStartIncluding": "11.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B276E4DF-69FC-4158-B93A-781A45605034", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "CBAB92C5-2D50-49CC-AECA-0D16BC44A788", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "532AAF54-64EF-4852-B4F1-D5E660463704", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "BC827031-CA39-4081-8CE0-30EAC78DF756", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7569903B-3A15-4A10-863B-6828337DD268", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "45825991-D17D-42F1-87B4-7DF86B098B45", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "7ADD8BEA-9FFF-467F-92E9-C855B439936E", "versionEndIncluding": "11.5.4", "versionStartIncluding": "11.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "CFA77C6B-72DB-4D57-87CF-11F2C7EDB828", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "E33BCA5B-CE91-451C-9821-2023A9E461C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3B62FEC0-EE22-46E6-B811-8AB0EE4C3E2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FCD2044C-AC6F-4145-B1A0-8EB26DCF1F8C", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "5FC866D4-CE8C-4408-AD1E-8643AC554CC9", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "7563D979-BE37-4251-B92E-0DBDBE53F3FF", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E722C9E-034C-4905-8C6F-48DB78DEFCE0", "versionEndIncluding": "11.5.4", "versionStartIncluding": "11.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "475F0EF8-42CB-4099-9C4A-390F946C4924", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "94DBCD7A-E4DA-4C08-87A4-960CF53A83E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "62B0A70A-D101-443E-A543-5EC35E23D66F", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:12.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2DB2118A-0F9C-4273-BB07-85FEA32C785B", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:12.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8541C9EF-69A8-4641-B173-3BCE0EDD20A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:12.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E24A3C71-0075-4738-B114-267337D050CD", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "4BA07A5E-D649-4725-9E2B-5BF496296151", "versionEndIncluding": "11.5.4", "versionStartIncluding": "11.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:11.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "5CDEC701-DAB3-4D92-AA67-B886E6693E46", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:11.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C641B4F-DCFF-4A1B-9E00-EDF18A270241", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E90C12AF-44BA-44A2-89ED-0C2497EEC8A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:12.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "BBBB6E7C-DA1A-479F-9DD2-DE0C3CA82E92", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:12.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "4913B437-33FF-4B5E-A855-9DA00B35E3B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:12.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "EDCFE65B-340B-4F7D-93A1-4390BBC8E67F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A89726B-93EB-4F49-B395-017CA90F1399", "versionEndIncluding": "11.5.4", "versionStartIncluding": "11.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB8D3B87-B8F5-490A-B1D9-04F2EE93EEA3", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "C1EA4F45-35F7-4687-8D1A-A5ACD846500A", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "23FF9627-E561-4CF7-A685-6E33D2F6C98C", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "64273A2C-E5A1-4605-92DD-EBECC7F051D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E60CA151-1C3A-45B3-B939-E6F80063C595", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "58BAD5A9-9C67-4056-9344-07C8C42C8E88", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D95A60B-FD05-4701-A2F8-CA675416A41D", "versionEndIncluding": "11.5.4", "versionStartExcluding": "11.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:11.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B1A04AE2-1877-49DC-ACF2-FE741CBF9A60", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:11.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "2B012CDE-BE1C-4F32-8500-B9E221CC53D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E717BBE7-F15A-4B41-BEF8-43FC5E9F4E0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:12.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8574970-8827-4332-93AA-791AC582294E", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:12.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E608782B-6330-4B14-8E40-4C906E9D6909", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:12.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "1FBDC10C-6594-4554-ABF8-A5F6B7576676", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, when a virtual server uses the standard configuration of HTTP/2 or SPDY profile with Client SSL profile, and the client initiates a number of concurrent streams beyond the advertised limit can cause a disruption of service. Remote client initiating stream beyond the advertised limit can cause a disruption of service. The Traffic Management Microkernel (TMM) data plane is exposed to this issue; the control plane is not exposed."}, {"lang": "es", "value": "En F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM en versiones de software de la 12.0.0 a la 12.1.2, de la 11.6.0 a la 11.6.1 y de la 11.4.0 a la 11.5.4, cuando un servidor virtual utiliza la configuraci\u00f3n est\u00e1ndar de los perfiles SPDY o HTTP/2 con un perfil Client SSL y el cliente inicia un n\u00famero de transmisiones concurrentes superior al l\u00edmite establecido, se puede provocar una interrupci\u00f3n del servicio. El cliente remoto que inicia una transmisi\u00f3n m\u00e1s all\u00e1 del l\u00edmite establecido puede provocar una interrupci\u00f3n del servicio. El plano de datos del TMM (Traffic Management Kernel) est\u00e1 expuesto a este problema. El plano de control no est\u00e1 expuesto."}], "id": "CVE-2017-6163", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-27T14:29:00.483", "references": [{"source": "f5sirt@f5.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101606"}, {"source": "f5sirt@f5.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1039671"}, {"source": "f5sirt@f5.com", "tags": ["Vendor Advisory"], "url": "https://support.f5.com/csp/article/K22541983"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101606"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1039671"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.f5.com/csp/article/K22541983"}], "sourceIdentifier": "f5sirt@f5.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}