CVE-2017-0302

Published: May 9, 2017Modified: May 13, 2026

5.3

Vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.6 / Impact: 3.6

Source: NVD

Description

In F5 BIG-IP APM 12.0.0 through 12.1.2 and 13.0.0, an authenticated user with an established access session to the BIG-IP APM system may be able to cause a traffic disruption if the length of the requested URL is less than 16 characters.

Affected (5)

Products: F5: Big Ip Access Policy Manager

1 product

Big Ip Access Policy Manager

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
F5 Big Ip Access Policy Manager	Version 12.0.0
F5 Big Ip Access Policy Manager	Version 12.1.0
F5 Big Ip Access Policy Manager	Version 12.1.1
F5 Big Ip Access Policy Manager	Version 12.1.2
F5 Big Ip Access Policy Manager	Version 13.0.0

Related CWEs

CWE-118

Incorrect Access of Indexable Resource ('Range Error')

The product does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed using an index or pointer, such as memory or files.

References (4)

http://www.securitytracker.com/id/1038408

Source: f5sirt@f5.com

https://support.f5.com/csp/article/K87141725

Source: f5sirt@f5.com

Vendor Advisory

http://www.securitytracker.com/id/1038408

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.f5.com/csp/article/K87141725

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.