CVE-2019-6682
HIGHBIG-IP ASM 11.5.2-15.0.1.1 - Uncontrolled Resource Consumption via HTTP Response
Title source: llmDescription
On versions 15.0.0-15.0.1.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP ASM system may consume excessive resources when processing certain types of HTTP responses from the origin web server. This vulnerability is only known to affect resource-constrained systems in which the security policy is configured with response-side features, such as Data Guard or response-side learning.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://support.f5.com/csp/article/K40452417
Scores
CVSS v3
7.5
EPSS
0.0089
EPSS Percentile
75.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-400
Status
published
Products (1)
f5/big-ip_application_security_manager
11.5.2 - 11.6.5
Published
Dec 23, 2019
Tracked Since
Feb 18, 2026