Description
On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, and 13.1.x before 13.1.4, when JSON content profiles are configured for URLs as part of an F5 Advanced Web Application Firewall (WAF)/BIG-IP ASM security policy and applied to a virtual server, undisclosed requests may cause the BIG-IP ASM bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References (1)
Core 1
Core References
Mitigation, Vendor Advisory x_refsource_misc
https://support.f5.com/csp/article/K00602225
Scores
CVSS v3
7.5
EPSS
0.0061
EPSS Percentile
69.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-20
Status
published
Products (4)
f5/big-ip_advanced_web_application_firewall
16.0.1
f5/big-ip_advanced_web_application_firewall
13.1.3.5 - 13.1.3.6
f5/big-ip_application_security_manager
16.0.1
f5/big-ip_application_security_manager
13.1..3.5 - 13.1.3.6
Published
Sep 14, 2021
Tracked Since
Feb 18, 2026