f5 big-ip-access-policy-manager CVE-2019-11479 vulnerability in F5 Networks and Other Products
Published on June 19, 2019

product logo product logo product logo product logo product logo
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Weakness Type

What is an Amplification Vulnerability?

Software that does not appropriately monitor or control resource consumption can lead to adverse system performance. This situation is amplified if the software allows malicious users or attackers to consume more resources than their access level permits. Exploiting such a weakness can lead to asymmetric resource consumption, aiding in amplification attacks against the system or the network.

CVE-2019-11479 has been classified to as an Amplification vulnerability or weakness.


Products Associated with CVE-2019-11479

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-11479 are published in these products:

F5 Networks Big Ip Access Policy Manager
 
F5 Networks Big Ip Advanced Firewall Manager
 
F5 Networks Big Ip Analytics
 
F5 Networks Big Ip Application Acceleration Manager
 
F5 Networks Big Ip Application Security Manager
 
F5 Networks Big Ip Domain Name System
 
F5 Networks Big Ip Edge Gateway
 
F5 Networks Big Ip Fraud Protection Service
 
F5 Networks Big Ip Global Traffic Manager
 
F5 Networks Big Ip Link Controller
 
F5 Networks Big Ip Local Traffic Manager
 
F5 Networks Big Ip Policy Enforcement Manager
 
F5 Networks Big Ip Webaccelerator
 
Pulse Secure Pulse Connect Secure
 
Pulse Secure Pulse Policy Secure
 
Pulse Secure Virtual Application Delivery Controller
 
Red Hat Enterprise Linux Atomic Host
 
Red Hat Enterprise Mrg
 
Canonical Ubuntu Linux
 
Linux Kernel
 
Red Hat Enterprise Linux (RHEL)
 
Red Hat Enterprise Linux Aus
 
Red Hat Enterprise Linux Eus
 
Red Hat Virtualization
 
F5 Networks Enterprise Manager
 
F5 Networks Traffix Signaling Delivery Controller
 
F5 Networks Big Iq Centralized Management
 
F5 Networks Iworkflow
 

Affected Versions

Linux kernel:

Exploit Probability

EPSS
13.58%
Percentile
94.08%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.