CVE-2022-23027 BIG-IP versions 15.1.x, 14.1.x, 13.1.x beginning in 13.1.3.6, 12.1.5.3-12.1.6, and 11.6.5.2 have undisclosed re-read issues when a FastL4 profile and an HTTP, FIX, and/or hash persistence prof
To work around this issue, administrators can enable the HTTP strict-transport-security profile. Fixed in version 15.1.4. This issue was previously documented as CVE-2017-10911.
Impact:
Virtual server may stop processing new client connections.
Workaround:
Enable the HTTP strict-transport-security profile. Fixed in version 15.1.4. This issue was previously documented as CVE-2017-10912.
Reoccurrence:
An attacker may exploit an undisclosed issue to cause the virtual server to stop processing new client connections.
Impact:
Virtual server may stop processing new client connections.
Workaround:
Enable the HTTP strict-transport-security profile. Fixed in version 15.1.4. This issue was previously documented as CVE-2017-10913.
CVE-2023-23028
Impact:
Virtual server may stop processing new client connections.
Workaround:
Enable the HTTP strict-transport-security profile. Fixed in version 15.1.4. This issue was previously documented as CVE-2017-10914.
Virtual Server Exposes Internal Network to the Internet
Doing so revealed server information and prompted further attacks.
Impact:
Attackers may exploit an undisclosed issue to cause the virtual server to stop processing new client connections.
Vulnerable version
Virtual Server, version 15.1.3 and earlier
Workaround:
Enable the HTTP strict-transport-security profile. Fixed in version 15.1.4. This issue was previously documented as CVE-2017-10914.
Timeline
Published on: 01/25/2022 20:15:00 UTC
Last modified on: 02/01/2022 17:40:00 UTC