F5 Networks Big Ip Wan Optimization Manager
By the Year
In 2024 there have been 0 vulnerabilities in F5 Networks Big Ip Wan Optimization Manager . Big Ip Wan Optimization Manager did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 0 | 0.00 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 1 | 5.90 |
2019 | 0 | 0.00 |
2018 | 1 | 5.90 |
It may take a day or so for new Big Ip Wan Optimization Manager vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent F5 Networks Big Ip Wan Optimization Manager Security Vulnerabilities
The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data
CVE-2013-3587
5.9 - Medium
- February 21, 2020
The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929.
Information Disclosure
The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data
CVE-2013-3587
5.9 - Medium
- February 21, 2020
The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929.
Information Disclosure
SSL virtual servers in F5 BIG-IP systems 10.x before 10.2.4 HF9, 11.x before 11.2.1 HF12, 11.3.0 before HF10, 11.4.0 before HF8, 11.4.1 before HF5, 11.5.0 before HF5, and 11.5.1 before HF5, when used with third-party Secure Sockets Layer (SSL) accelerator cards, might
CVE-2014-4024
5.9 - Medium
- March 19, 2018
SSL virtual servers in F5 BIG-IP systems 10.x before 10.2.4 HF9, 11.x before 11.2.1 HF12, 11.3.0 before HF10, 11.4.0 before HF8, 11.4.1 before HF5, 11.5.0 before HF5, and 11.5.1 before HF5, when used with third-party Secure Sockets Layer (SSL) accelerator cards, might allow remote attackers to have unspecified impact via a timing side-channel attack.
Information Disclosure
The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which
CVE-2014-4027
- June 23, 2014
The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator.
Information Disclosure
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which
CVE-2014-0196
- May 07, 2014
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.
Race Condition
The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which
CVE-2014-0101
- March 11, 2014
The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk.
NULL Pointer Dereference
Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and 7.0.0, and other products "when APM is provisioned,"
CVE-2013-0150
- August 09, 2013
Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and 7.0.0, and other products "when APM is provisioned," allows remote attackers to upload and execute arbitrary files via a .. (dot dot) in the filename parameter.
Directory traversal
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier
CVE-2012-3163
- October 17, 2012
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.
The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values
CVE-2011-3188
9.1 - Critical
- May 24, 2012
The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Red Hat Enterprise Linux (RHEL) or by F5 Networks? Click the Watch button to subscribe.