CVE-2024-23805

HIGH

F5 BIG-IP Advanced WAF and ASM 15.1.0-15.1.9 - Denial of Service via HTTP Analytics Profile with URLs Enabled

Title source: llm

Description

Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. For the Application Visibility and Reporting module, this may occur when the HTTP Analytics profile with URLs enabled under Collected Entities is configured on a virtual server and the DB variables avr.IncludeServerInURI or avr.CollectOnlyHostnameFromURI are enabled. For BIG-IP Advanced WAF and ASM, this may occur when either a DoS or Bot Defense profile is configured on a virtual server and the DB variables avr.IncludeServerInURI or avr.CollectOnlyHostnameFromURI are enabled. Note: The DB variables avr.IncludeServerInURI and avr.CollectOnlyHostnameFromURI are not enabled by default. For more information about the HTTP Analytics profile and the Collect URLs setting, refer to K30875743: Create a new Analytics profile and attach it to your virtual servers https://my.f5.com/manage/s/article/K30875743 . Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory

https://my.f5.com/manage/s/article/K000137334

Scores

CVSS v3 7.5

EPSS 0.0052

EPSS Percentile 39.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-131

Status published

Products (4)

f5/big-ip_advanced_web_application_firewall 17.1.0

f5/big-ip_advanced_web_application_firewall 15.1.0 - 15.1.10

f5/big-ip_application_security_manager 17.1.0

f5/big-ip_application_security_manager 15.1.0 - 15.1.10

Published Feb 14, 2024

Tracked Since Feb 18, 2026