CVE-2019-6634

MEDIUM

F5 BIG-IP 12.1.0-12.1.4 - Authenticated Denial of Service via Malformed Analytics Report Requests

Title source: llm
STIX 2.1

Description

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, a high volume of malformed analytics report requests leads to instability in restjavad process. This causes issues with both iControl REST and some portions of TMUI. The attack requires an authenticated user with any role.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_confirm
https://support.f5.com/csp/article/K64855220
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/109104

Scores

CVSS v3 6.5
EPSS 0.0034
EPSS Percentile 56.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

Status published
Products (13)
f5/big-ip_access_policy_manager 12.1.0 - 12.1.4.1
f5/big-ip_advanced_firewall_manager 12.1.0 - 12.1.4.1
f5/big-ip_analytics 12.1.0 - 12.1.4.1
f5/big-ip_application_acceleration_manager 12.1.0 - 12.1.4.1
f5/big-ip_application_security_manager 12.1.0 - 12.1.4.1
f5/big-ip_domain_name_system 12.1.0 - 12.1.4.1
f5/big-ip_edge_gateway 12.1.0 - 12.1.4.1
f5/big-ip_fraud_protection_service 12.1.0 - 12.1.4.1
f5/big-ip_global_traffic_manager 12.1.0 - 12.1.4.1
f5/big-ip_link_controller 12.1.0 - 12.1.4.1
... and 3 more
Published Jul 03, 2019
Tracked Since Feb 18, 2026