CVE-2019-6682 - OpenCVE

On versions 15.0.0-15.0.1.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP ASM system may consume excessive resources when processing certain types of HTTP responses from the origin web server. This vulnerability is only known to affect resource-constrained systems in which the security policy is configured with response-side features, such as Data Guard or response-side learning.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
F5	Big-ip Application Security Manager

Configuration 1 [-]

OR	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::

No data.

References

Link	Providers
https://support.f5.com/csp/article/K40452417

History

No history.

MITRE

Status: PUBLISHED

Assigner: f5

Published: 2019-12-23T16:54:57

Updated: 2024-08-04T20:31:03.619Z

Reserved: 2019-01-22T00:00:00

Link: CVE-2019-6682

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-12-23T17:15:12.410

Modified: 2019-12-30T17:44:49.620

Link: CVE-2019-6682

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "BIG-IP ASM", "vendor": "F5", "versions": [{"status": "affected", "version": "15.0.0-15.0.1.1"}, {"status": "affected", "version": "14.0.0-14.1.2.2"}, {"status": "affected", "version": "13.1.0-13.1.3.1"}, {"status": "affected", "version": "12.1.0-12.1.5"}, {"status": "affected", "version": "11.5.2-11.6.5.1"}]}], "descriptions": [{"lang": "en", "value": "On versions 15.0.0-15.0.1.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP ASM system may consume excessive resources when processing certain types of HTTP responses from the origin web server. This vulnerability is only known to affect resource-constrained systems in which the security policy is configured with response-side features, such as Data Guard or response-side learning."}], "problemTypes": [{"descriptions": [{"description": "DoS", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-12-23T16:54:57", "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "shortName": "f5"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K40452417"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "f5sirt@f5.com", "ID": "CVE-2019-6682", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "BIG-IP ASM", "version": {"version_data": [{"version_value": "15.0.0-15.0.1.1"}, {"version_value": "14.0.0-14.1.2.2"}, {"version_value": "13.1.0-13.1.3.1"}, {"version_value": "12.1.0-12.1.5"}, {"version_value": "11.5.2-11.6.5.1"}]}}]}, "vendor_name": "F5"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "On versions 15.0.0-15.0.1.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP ASM system may consume excessive resources when processing certain types of HTTP responses from the origin web server. This vulnerability is only known to affect resource-constrained systems in which the security policy is configured with response-side features, such as Data Guard or response-side learning."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "DoS"}]}]}, "references": {"reference_data": [{"name": "https://support.f5.com/csp/article/K40452417", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K40452417"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:31:03.619Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.f5.com/csp/article/K40452417"}]}]}, "cveMetadata": {"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "assignerShortName": "f5", "cveId": "CVE-2019-6682", "datePublished": "2019-12-23T16:54:57", "dateReserved": "2019-01-22T00:00:00", "dateUpdated": "2024-08-04T20:31:03.619Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "9BD61B6A-4E98-4D2C-92BC-FED15CEE39A6", "versionEndIncluding": "11.6.5", "versionStartIncluding": "11.5.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E5552A3-91CD-4B97-AD33-4F1FB4C8827A", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "19699BA9-2324-40C5-81B9-0EA6A45109AA", "versionEndExcluding": "13.1.3.2", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7B3A867-DAD2-415D-A720-FA78CF59CE5B", "versionEndExcluding": "14.1.2.3", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "E08E3F72-4CEF-4607-8B27-515E6471B9D1", "versionEndExcluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "On versions 15.0.0-15.0.1.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP ASM system may consume excessive resources when processing certain types of HTTP responses from the origin web server. This vulnerability is only known to affect resource-constrained systems in which the security policy is configured with response-side features, such as Data Guard or response-side learning."}, {"lang": "es", "value": "En las versiones 15.0.0 hasta 15.0.1.1, 14.0.0 hasta 14.1.2.2, 13.1.0 hasta 13.1.3.1, 12.1.0 hasta 12.1.5 y 11.5.2 hasta 11.6.5.1, el sistema BIG-IP ASM puede consumir recursos excesivos cuando procesa determinados tipos de respuestas HTTP desde el servidor web de origen. Esta vulnerabilidad es solo conocida por afectar a los sistemas con recursos limitados en los que la pol\u00edtica de seguridad est\u00e1 configurada con funcionalidades del lado de la respuesta, tales como Data Guard o el aprendizaje del lado de la respuesta."}], "id": "CVE-2019-6682", "lastModified": "2019-12-30T17:44:49.620", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-12-23T17:15:12.410", "references": [{"source": "f5sirt@f5.com", "tags": ["Vendor Advisory"], "url": "https://support.f5.com/csp/article/K40452417"}], "sourceIdentifier": "f5sirt@f5.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}]}