CVE-2017-6141

MEDIUM

F5 BIG-IP 12.1.0-12.1.2 DoS via TLS Abbreviated Handshake

Title source: llm

Description

In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, and WebSafe 12.1.0 through 12.1.2, certain values in a TLS abbreviated handshake when using a client SSL profile with the Session Ticket option enabled may cause disruption of service to the Traffic Management Microkernel (TMM). The Session Ticket option is disabled by default.

References (1)

Core References
Vendor Advisory x_refsource_confirm
https://support.f5.com/csp/article/K21154730

Scores

CVSS v3 5.9
EPSS 0.0065
EPSS Percentile 71.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-20
Status published
Products (25)
f5/big-ip_access_policy_manager 12.1.0
f5/big-ip_access_policy_manager 12.1.1
f5/big-ip_access_policy_manager 12.1.2
f5/big-ip_advanced_firewall_manager 12.1.0
f5/big-ip_advanced_firewall_manager 12.1.1
f5/big-ip_advanced_firewall_manager 12.1.2
f5/big-ip_application_acceleration_manager 12.1.0
f5/big-ip_application_acceleration_manager 12.1.1
f5/big-ip_application_acceleration_manager 12.1.2
f5/big-ip_application_security_manager 12.1.0
... and 15 more
Published Oct 20, 2017
Tracked Since Feb 18, 2026