F5 BIG-IP TMM DoS via HTTP Analytics URL Profiling
CVE-2024-23805 Published on February 14, 2024

F5 Application Visibility and Reporting module and BIG-IP Advanced WAF/ASM vulnerability
Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. For the Application Visibility and Reporting module, this may occur when the HTTP Analytics profile with URLs enabled under Collected Entities is configured on a virtual server and the DB variables avr.IncludeServerInURI or avr.CollectOnlyHostnameFromURI are enabled. For BIG-IP Advanced WAF and ASM, this may occur when either a DoS or Bot Defense profile is configured on a virtual server and the DB variables avr.IncludeServerInURI or avr.CollectOnlyHostnameFromURI are enabled. Note: The DB variables avr.IncludeServerInURI and avr.CollectOnlyHostnameFromURI are not enabled by default. For more information about the HTTP Analytics profile and the Collect URLs setting, refer to K30875743: Create a new Analytics profile and attach it to your virtual servers https://my.f5.com/manage/s/article/K30875743 . Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Vendor Advisory NVD

Vulnerability Analysis

CVE-2024-23805 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
NONE
Integrity Impact:
NONE
Availability Impact:
HIGH

Weakness Type

Incorrect Calculation of Buffer Size

The software does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.


Products Associated with CVE-2024-23805

stack.watch emails you whenever new vulnerabilities are published in F5 Networks Big Ip Advanced Web Application Firewall or F5 Networks Big Ip Application Security Manager. Just hit a watch button to start following.

F5 Networks Big Ip Advanced Web Application Firewall
 
F5 Networks Big Ip Application Security Manager
 

Affected Versions

F5 BIG-IP:

Exploit Probability

EPSS
0.31%
Percentile
53.68%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.