Vulnerability Description
The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, APM, ASM, Edge Gateway, GTM, Link Controller, and WOM 10.0.0 through 10.2.2 and 11.0.0; Analytics 11.0.0; PSM 9.4.0 through 9.4.8, 10.0.0 through 10.2.4, and 11.0.0 through 11.4.1; and WebAccelerator 9.4.0 through 9.4.8, 10.0.0 through 10.2.4, and 11.0.0 through 11.3.0 might change a TCP connection to the ESTABLISHED state before receiving the ACK packet, which allows remote attackers to cause a denial of service (SIGFPE or assertion failure and TMM restart) via unspecified vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| F5 | Big-Ip Global Traffic Manager | 10.0.0 |
| F5 | Big-Ip Webaccelerator | 9.4.0 |
| F5 | Big-Ip Local Traffic Manager | 10.0.0 |
| F5 | Big-Ip Application Security Manager | 10.0.0 |
| F5 | Big-Ip Access Policy Manager | 10.1.0 |
| F5 | Big-Ip Wan Optimization Manager | 10.0.0 |
| F5 | Big-Ip Edge Gateway | 10.1.0 |
| F5 | Big-Ip Protocol Security Module | 9.4.5 |
| F5 | Big-Ip Link Controller | 10.0.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/55378Vendor Advisory
- http://support.f5.com/kb/en-us/solutions/public/13000/200/sol13233.htmlVendor Advisory
- http://www.securitytracker.com/id/1029220
- https://exchange.xforce.ibmcloud.com/vulnerabilities/88166
- http://secunia.com/advisories/55378Vendor Advisory
- http://support.f5.com/kb/en-us/solutions/public/13000/200/sol13233.htmlVendor Advisory
- http://www.securitytracker.com/id/1029220
- https://exchange.xforce.ibmcloud.com/vulnerabilities/88166
FAQ
What is CVE-2013-6016?
CVE-2013-6016 is a vulnerability with a CVSS score of 7.8 (HIGH). The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, APM, ASM, Edge Gateway, GTM, Link Controller, and WOM 10.0.0 through 10.2.2 and 11.0.0; Analytics 11.0.0; PSM 9.4.0 through 9.4.8, 10.0.0 thr...
How severe is CVE-2013-6016?
CVE-2013-6016 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-6016?
Check the references section above for vendor advisories and patch information. Affected products include: F5 Big-Ip Global Traffic Manager, F5 Big-Ip Webaccelerator, F5 Big-Ip Local Traffic Manager, F5 Big-Ip Application Security Manager, F5 Big-Ip Access Policy Manager.