CVE-2019-6660

Published Nov 15, 2019
Last updated 5 years ago
CVSS high 7.5
Overview

Description: On BIG-IP 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.1, undisclosed HTTP requests may consume excessive amounts of systems resources which may lead to a denial of service.
Source: f5sirt@f5.com
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH
CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:P
Weaknesses

nvd@nist.gov: CWE-400
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77A8EFA2-50FD-4187-A6F2-7E05A10585E5",
            "versionEndExcluding": "13.1.3",
            "versionStartIncluding": "13.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "58C8E163-2A45-4C64-A7C2-5686C1EB3C78",
            "versionEndExcluding": "14.0.1.1",
            "versionStartIncluding": "14.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83963214-62C5-49F7-BA25-0D2440C910E8",
            "versionEndExcluding": "14.1.2.1",
            "versionStartIncluding": "14.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "13B9A1CD-831E-4026-81B8-DDB390D2A918",
            "versionEndExcluding": "13.1.3",
            "versionStartIncluding": "13.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E17D443D-9E5D-4F41-A539-6D7842B21E25",
            "versionEndExcluding": "14.0.1.1",
            "versionStartIncluding": "14.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "650355BC-70D0-49C2-9256-8D256A145038",
            "versionEndExcluding": "14.1.2.1",
            "versionStartIncluding": "14.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F3F7128-293E-4489-B2F2-E47B307D8855",
            "versionEndExcluding": "13.1.3",
            "versionStartIncluding": "13.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0FA8C03D-3661-446D-B502-BEB52B7B6305",
            "versionEndExcluding": "14.0.1.1",
            "versionStartIncluding": "14.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB4031E1-43D6-4B54-BF77-AAB8B29399C3",
            "versionEndExcluding": "14.1.2.1",
            "versionStartIncluding": "14.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F5F74476-72A3-4A29-BFB4-C908288B5DAD",
            "versionEndExcluding": "13.1.3",
            "versionStartIncluding": "13.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1503B2F8-3549-4E52-87E9-6F0FD91F1428",
            "versionEndExcluding": "14.0.1.1",
            "versionStartIncluding": "14.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5BEBE938-67A7-43E8-8973-E749ACC32F64",
            "versionEndExcluding": "14.1.2.1",
            "versionStartIncluding": "14.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "332440D2-9E8D-4E9A-8CCB-224734F85DD9",
            "versionEndExcluding": "13.1.3",
            "versionStartIncluding": "13.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B8BA9BE0-1646-41EF-BCE2-7BD4021196C5",
            "versionEndExcluding": "14.0.1.1",
            "versionStartIncluding": "14.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB776539-CD9F-4447-A2DC-9B7EF4DFE341",
            "versionEndExcluding": "14.1.2.1",
            "versionStartIncluding": "14.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1C3876D-E0E3-4D3A-AE2E-B84DC815AA83",
            "versionEndExcluding": "13.1.3",
            "versionStartIncluding": "13.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7B34FC0-168E-4CA8-B1F4-BDC0D2213280",
            "versionEndExcluding": "14.0.1.1",
            "versionStartIncluding": "14.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BE667B60-8CA7-478E-AD76-1BDEBAE5A691",
            "versionEndExcluding": "14.1.2.1",
            "versionStartIncluding": "14.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C7CB6D51-13EF-4E31-9D07-2A6596BED7B3",
            "versionEndExcluding": "13.1.3",
            "versionStartIncluding": "13.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "678B7FC3-6796-4159-BF2B-8FAD49E0F566",
            "versionEndExcluding": "14.0.1.1",
            "versionStartIncluding": "14.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F61C9261-F842-47EB-87C8-F284EA9818AA",
            "versionEndExcluding": "14.1.2.1",
            "versionStartIncluding": "14.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FEAE3B73-78A2-41B4-BBB5-0EF3E8BC01AD",
            "versionEndExcluding": "13.1.3",
            "versionStartIncluding": "13.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A0E47FF6-A851-4588-9F39-B292D4147AE6",
            "versionEndExcluding": "14.0.1.1",
            "versionStartIncluding": "14.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B7D18CF1-5C74-4681-B356-CB2DD75DBF19",
            "versionEndExcluding": "14.1.2.1",
            "versionStartIncluding": "14.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE3B2238-5593-43D5-AFFC-7F3F5D7A0C4B",
            "versionEndExcluding": "13.1.3",
            "versionStartIncluding": "13.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D960933D-9476-4473-A3FB-0032C051BE50",
            "versionEndExcluding": "14.0.1.1",
            "versionStartIncluding": "14.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0913B326-07B9-4133-8726-D5D34E7DB01B",
            "versionEndExcluding": "14.1.2.1",
            "versionStartIncluding": "14.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D2C10B3-8D78-42BD-9C3F-AFB5D231FD0E",
            "versionEndExcluding": "13.1.3",
            "versionStartIncluding": "13.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "44D33B41-F19D-4B46-9F9E-FC03051EBB0C",
            "versionEndExcluding": "14.0.1.1",
            "versionStartIncluding": "14.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD08072C-438D-41BF-976D-B1B006E55C1F",
            "versionEndExcluding": "14.1.2.1",
            "versionStartIncluding": "14.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6129CC28-2FA8-4FD8-824B-5BB8FFC67D2D",
            "versionEndExcluding": "13.1.3",
            "versionStartIncluding": "13.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "63529AEA-8B74-4CA1-BADF-14514D243DC5",
            "versionEndExcluding": "14.0.1.1",
            "versionStartIncluding": "14.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4D87CCF-ED81-4B69-9D02-D5B79082E0FF",
            "versionEndExcluding": "14.1.2.1",
            "versionStartIncluding": "14.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4007A096-2F53-4FAA-9429-48ED292D576F",
            "versionEndExcluding": "13.1.3",
            "versionStartIncluding": "13.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE65180C-47C8-41CF-B6C7-181259605B2C",
            "versionEndExcluding": "14.0.1.1",
            "versionStartIncluding": "14.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA2E2944-484A-47B5-947A-10C3C09E6C33",
            "versionEndExcluding": "14.1.2.1",
            "versionStartIncluding": "14.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB5339E8-42D8-400E-B40C-42DF2153CD12",
            "versionEndExcluding": "13.1.3",
            "versionStartIncluding": "13.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "54E703A5-F9F1-4DDA-8B70-D3C6F51038B6",
            "versionEndExcluding": "14.0.1.1",
            "versionStartIncluding": "14.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "226F4AFF-1A4F-48ED-9B4E-8CD6043AB53C",
            "versionEndExcluding": "14.1.2.1",
            "versionStartIncluding": "14.1.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
