CVE-2022-23027 BIG-IP versions 15.1.x, 14.1.x, 13.1.x beginning in 13.1.3.6, 12.1.5.3-12.1.6, and 11.6.5.2 have undisclosed re-read issues when a FastL4 profile and an HTTP, FIX, and/or hash persistence prof END> Firewalls

CVE-2022-23027 BIG-IP versions 15.1.x, 14.1.x, 13.1.x beginning in 13.1.3.6, 12.1.5.3-12.1.6, and 11.6.5.2 have undisclosed re-read issues when a FastL4 profile and an HTTP, FIX, and/or hash persistence prof

END>

 Firewalls

To work around this issue, administrators can enable the HTTP strict-transport-security profile. Fixed in version 15.1.4. This issue was previously documented as CVE-2017-10911.

Impact:

Virtual server may stop processing new client connections.

Workaround:

Enable the HTTP strict-transport-security profile. Fixed in version 15.1.4. This issue was previously documented as CVE-2017-10912.
Reoccurance:

An attacker may exploit an undisclosed issue to cause the virtual server to stop processing new client connections.

Impact:

Virtual server may stop processing new client connections.
Workaround:

Enable the HTTP strict-transport-security profile. Fixed in version 15.1.4. This issue was previously documented as CVE-2017-10913.

CVE-2023-23028 Impact:


Virtual server may stop processing new client connections.
Workaround:

Enable the HTTP strict-transport-security profile. Fixed in version 15.1.4. This issue was previously documented as CVE-2017-10914

Virtual Server Exposes Internal Network to the Internet

Doing so revealed server information and prompted further attacks.

Impact:

Attackers may exploit an undisclosed issue to cause the virtual server to stop processing new client connections.

Vulnerable version

Virtual Server, version 15.1.3 and earlier
Workaround:

Enable the HTTP strict-transport-security profile. Fixed in version 15.1.4. This issue was previously documented as CVE-2017-10914.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe