CVE-2017-0303
HIGHF5 BIG-IP 11.5.1-13.0.0 Resource Starvation via SOCKS Profile
Title source: llmDescription
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2 and 11.5.1 to 11.6.1, under limited circumstances connections handled by a Virtual Server with an associated SOCKS profile may not be properly cleaned up, potentially leading to resource starvation. Connections may be left in the connection table which then can only be removed by restarting TMM. Over time this may lead to the BIG-IP being unable to process further connections.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://support.f5.com/csp/article/K30201296
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101612
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039674
Scores
CVSS v3
7.5
EPSS
0.0266
EPSS Percentile
83.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-459
Status
published
Products (50)
f5/big-ip_access_policy_manager
11.5.0
f5/big-ip_access_policy_manager
11.5.1
f5/big-ip_access_policy_manager
11.5.2
f5/big-ip_access_policy_manager
11.5.3
f5/big-ip_access_policy_manager
11.5.4
f5/big-ip_access_policy_manager
11.5.5
f5/big-ip_access_policy_manager
11.6.0
f5/big-ip_access_policy_manager
11.6.1
f5/big-ip_access_policy_manager
12.0.0
f5/big-ip_access_policy_manager
12.1.0
... and 40 more
Published
Oct 27, 2017
Tracked Since
Feb 18, 2026