CVE-2018-5514

HIGH

F5 BIG-IP 13.1.0-13.1.0.5 - Denial of Service via Malicious HTTP/2 Request Frames

Title source: llm
STIX 2.1

Description

On F5 BIG-IP 13.1.0-13.1.0.5, maliciously crafted HTTP/2 request frames can lead to denial of service. There is data plane exposure for virtual servers when the HTTP2 profile is enabled. There is no control plane exposure to this issue.

References (3)

Core 3
Core References
Vendor Advisory x_refsource_confirm
https://support.f5.com/csp/article/K45320419
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1040804
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/104097

Scores

CVSS v3 7.5
EPSS 0.0268
EPSS Percentile 86.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-20
Status published
Products (13)
f5/big-ip_access_policy_manager 13.1.0 - 13.1.0.5
f5/big-ip_advanced_firewall_manager 13.1.0 - 13.1.0.5
f5/big-ip_analytics 13.1.0 - 13.1.0.5
f5/big-ip_application_acceleration_manager 13.1.0 - 13.1.0.5
f5/big-ip_application_security_manager 13.1.0 - 13.1.0.5
f5/big-ip_domain_name_system 13.1.0 - 13.1.0.5
f5/big-ip_edge_gateway 13.1.0 - 13.1.0.5
f5/big-ip_global_traffic_manager 13.1.0 - 13.1.0.5
f5/big-ip_link_controller 13.1.0 - 13.1.0.5
f5/big-ip_local_traffic_manager 13.1.0 - 13.1.0.5
... and 3 more
Published May 02, 2018
Tracked Since Feb 18, 2026