CVE-2023-22422

CVSS V2 None CVSS V3 None
Description
On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, when a HTTP profile with the non-default Enforcement options of Enforce HTTP Compliance and Unknown Methods: Reject are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Overview
  • CVE ID
  • CVE-2023-22422
  • Assigner
  • f5sirt@f5.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-02-01T18:15:11
  • Last Modified Date
  • 2023-02-09T22:00:30
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* 1 OR 16.1.0 16.1.3.3
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* 1 OR 17.0.0 17.0.0.2
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* 1 OR 16.1.0 16.1.3.3
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* 1 OR 17.0.0 17.0.0.2
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* 1 OR 16.1.0 16.1.3.3
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* 1 OR 17.0.0 17.0.0.2
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* 1 OR 16.1.0 16.1.3.3
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* 1 OR 17.0.0 17.0.0.2
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* 1 OR 16.1.0 16.1.3.3
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* 1 OR 17.0.0 17.0.0.2
cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:* 1 OR 16.1.0 16.1.3.3
cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:* 1 OR 17.0.0 17.0.0.2
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* 1 OR 16.1.0 16.1.3.3
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* 1 OR 17.0.0 17.0.0.2
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* 1 OR 16.1.0 16.1.3.3
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* 1 OR 17.0.0 17.0.0.2
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* 1 OR 16.1.0 16.1.3.3
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* 1 OR 17.0.0 17.0.0.2
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* 1 OR 16.1.0 16.1.3.3
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* 1 OR 17.0.0 17.0.0.2
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* 1 OR 16.1.0 16.1.3.3
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* 1 OR 17.0.0 17.0.0.2
cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:* 1 OR 16.1.0 16.1.3.3
cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:* 1 OR 17.0.0 17.0.0.2
References
Reference URL Reference Tags
https://my.f5.com/manage/s/article/K43881487 Vendor Advisory
History
Created Old Value New Value Data Type Notes
2023-04-17 07:05:06 Added to TrackCVE
2023-04-17 07:05:08 Weakness Enumeration new