Publication Date: 2023/10/10 05:00 AM PDT
AWS is aware of CVE-2023-44487, also known as "HTTP/2 Rapid Reset Attack," related to HTTP/2 capable web servers where rapid stream generation and cancellation can result in additional load which could lead to a Denial of Service. AWS infrastructure is designed with various protections to address Layer 7 request floods; we have implemented additional mitigations to address this issue. AWS also recommends customers who operate their own HTTP/2
More info:
https://aws.amazon.com/security/security-bulletins/AWS-2023-011/
Security Advisory Description Exposure of Sensitive Information vulnerability exists in an undisclosed BIG-IP TMOS Shell (tmsh) command, which may allow an authenticated attacker with resource ...
More info:
https://my.f5.com/manage/s/article/K20307245?utm_source=f5support&utm_medium=RSS
Security Advisory Description An insufficient verification of data vulnerability exists in BIG-IP Edge Client Installer on macOS that may allow an attacker elevation of privileges during the ...
More info:
https://my.f5.com/manage/s/article/K000135040?utm_source=f5support&utm_medium=RSS
Security Advisory Description Note: F5 is committed to responding quickly to potential vulnerabilities in F5 products. As with all publicly known vulnerabilities, F5 is committed to publishing a ...
More info:
https://my.f5.com/manage/s/article/K000137053?utm_source=f5support&utm_medium=RSS
Security Advisory Description This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available. Learn more about the ...
More info:
https://my.f5.com/manage/s/article/K000137106?utm_source=f5support&utm_medium=RSS
Security Advisory Description When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions utilizing BIG-IP external ...
More info:
https://my.f5.com/manage/s/article/K41072952?utm_source=f5support&utm_medium=RSS
Security Advisory Description Exposure of Sensitive Information vulnerability exists in an undisclosed BIG-IP TMOS shell (tmsh) command, which may allow an authenticated attacker with resource ...
More info:
https://my.f5.com/manage/s/article/K20307245?utm_source=f5support&utm_medium=RSS
Security Advisory Description When TACACS+ audit forwarding is configured on a BIG-IP or BIG-IQ system, shared secret is logged in plaintext in the audit log. (CVE-2023-43485) Impact An ...
More info:
https://my.f5.com/manage/s/article/K06110200?utm_source=f5support&utm_medium=RSS
Security Advisory Description A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_ ...
More info:
https://my.f5.com/manage/s/article/K000137186?utm_source=f5support&utm_medium=RSS
Security Advisory Description LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs. (CVE-2021-26401) Impact There is no impact; F5 products are not affected by ...
More info:
https://my.f5.com/manage/s/article/K000137188?utm_source=f5support&utm_medium=RSS