Vulnerability Details CVE-2019-6638
On BIG-IP 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, Malformed http requests made to an undisclosed iControl REST endpoint can lead to infinite loop of the restjavad process.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.9%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
- http://www.securityfocus.com/bid/109106
- https://support.f5.com/csp/article/K67825238
- https://support.f5.com/csp/article/K67825238?utm_source=f5support&%3Butm_medium=RSS
- http://www.securityfocus.com/bid/109106
- https://support.f5.com/csp/article/K67825238
- https://support.f5.com/csp/article/K67825238?utm_source=f5support&%3Butm_medium=RSS
Products affected by CVE-2019-6638
-
cpe:2.3:a:f5:big-ip_access_policy_manager:14.0.0
-
cpe:2.3:a:f5:big-ip_access_policy_manager:14.0.0.2
-
cpe:2.3:a:f5:big-ip_access_policy_manager:14.0.0.3
-
cpe:2.3:a:f5:big-ip_access_policy_manager:14.0.0.4
-
cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.0
-
cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.0.1
-
cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.0.2
-
cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.0.2.0.45.4
-
cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.0.2.0.62.4
-
cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.0.3
-
cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.0.3.0.79.6
-
cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.0.3.0.97.6
-
cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.0.3.0.99.6
-
cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.0.5
-
cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.0.5.0.15.5
-
cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.0.5.0.36.5
-
cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.0.5.0.40.5
-
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.0.0
-
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.0.0.1
-
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.0.0.2
-
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.0.0.3
-
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.0.0.4
-
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.1.0
-
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.1.0.1
-
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.1.0.2
-
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.1.0.2.0.45.4
-
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.1.0.2.0.62.4
-
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.1.0.3
-
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.1.0.3.0.79.6
-
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.1.0.3.0.97.6
-
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.1.0.3.0.99.6
-
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.1.0.5
-
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.1.0.5.0.15.5
-
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.1.0.5.0.36.5
-
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.1.0.5.0.40.5
-
cpe:2.3:a:f5:big-ip_analytics:14.0.0
-
cpe:2.3:a:f5:big-ip_analytics:14.0.0.1
-
cpe:2.3:a:f5:big-ip_analytics:14.0.0.2
-
cpe:2.3:a:f5:big-ip_analytics:14.0.0.3
-
cpe:2.3:a:f5:big-ip_analytics:14.0.0.4
-
cpe:2.3:a:f5:big-ip_analytics:14.1.0
-
cpe:2.3:a:f5:big-ip_analytics:14.1.0.1
-
cpe:2.3:a:f5:big-ip_analytics:14.1.0.2
-
cpe:2.3:a:f5:big-ip_analytics:14.1.0.2.0.45.4
-
cpe:2.3:a:f5:big-ip_analytics:14.1.0.2.0.62.4
-
cpe:2.3:a:f5:big-ip_analytics:14.1.0.3
-
cpe:2.3:a:f5:big-ip_analytics:14.1.0.3.0.79.6
-
cpe:2.3:a:f5:big-ip_analytics:14.1.0.3.0.97.6
-
cpe:2.3:a:f5:big-ip_analytics:14.1.0.3.0.99.6
-
cpe:2.3:a:f5:big-ip_analytics:14.1.0.5
-
cpe:2.3:a:f5:big-ip_analytics:14.1.0.5.0.15.5
-
cpe:2.3:a:f5:big-ip_analytics:14.1.0.5.0.36.5
-
cpe:2.3:a:f5:big-ip_analytics:14.1.0.5.0.40.5
-
cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.0.0
-
cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.0.0.1
-
cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.0.0.2
-
cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.0.0.3
-
cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.0.0.4
-
cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.1.0
-
cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.1.0.1
-
cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.1.0.2
-
cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.1.0.2.0.45.4
-
cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.1.0.2.0.62.4
-
cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.1.0.3
-
cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.1.0.3.0.79.6
-
cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.1.0.3.0.97.6
-
cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.1.0.3.0.99.6
-
cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.1.0.5
-
cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.1.0.5.0.15.5
-
cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.1.0.5.0.36.5
-
cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.1.0.5.0.40.5
-
cpe:2.3:a:f5:big-ip_application_security_manager:14.0.0
-
cpe:2.3:a:f5:big-ip_application_security_manager:14.0.0.1
-
cpe:2.3:a:f5:big-ip_application_security_manager:14.0.0.2
-
cpe:2.3:a:f5:big-ip_application_security_manager:14.0.0.3
-
cpe:2.3:a:f5:big-ip_application_security_manager:14.0.0.4
-
cpe:2.3:a:f5:big-ip_application_security_manager:14.1.0
-
cpe:2.3:a:f5:big-ip_application_security_manager:14.1.0.1
-
cpe:2.3:a:f5:big-ip_application_security_manager:14.1.0.2
-
cpe:2.3:a:f5:big-ip_application_security_manager:14.1.0.2.0.45.4
-
cpe:2.3:a:f5:big-ip_application_security_manager:14.1.0.2.0.62.4
-
cpe:2.3:a:f5:big-ip_application_security_manager:14.1.0.3
-
cpe:2.3:a:f5:big-ip_application_security_manager:14.1.0.3.0.79.6
-
cpe:2.3:a:f5:big-ip_application_security_manager:14.1.0.3.0.97.6
-
cpe:2.3:a:f5:big-ip_application_security_manager:14.1.0.3.0.99.6
-
cpe:2.3:a:f5:big-ip_application_security_manager:14.1.0.5
-
cpe:2.3:a:f5:big-ip_application_security_manager:14.1.0.5.0.15.5
-
cpe:2.3:a:f5:big-ip_application_security_manager:14.1.0.5.0.36.5
-
cpe:2.3:a:f5:big-ip_application_security_manager:14.1.0.5.0.40.5
-
cpe:2.3:a:f5:big-ip_domain_name_system:14.0.0
-
cpe:2.3:a:f5:big-ip_domain_name_system:14.0.0.1
-
cpe:2.3:a:f5:big-ip_domain_name_system:14.0.0.2
-
cpe:2.3:a:f5:big-ip_domain_name_system:14.0.0.3
-
cpe:2.3:a:f5:big-ip_domain_name_system:14.0.0.4
-
cpe:2.3:a:f5:big-ip_domain_name_system:14.1.0
-
cpe:2.3:a:f5:big-ip_domain_name_system:14.1.0.1
-
cpe:2.3:a:f5:big-ip_domain_name_system:14.1.0.2
-
cpe:2.3:a:f5:big-ip_domain_name_system:14.1.0.2.0.45.4
-
cpe:2.3:a:f5:big-ip_domain_name_system:14.1.0.2.0.62.4
-
cpe:2.3:a:f5:big-ip_domain_name_system:14.1.0.3
-
cpe:2.3:a:f5:big-ip_domain_name_system:14.1.0.3.0.79.6
-
cpe:2.3:a:f5:big-ip_domain_name_system:14.1.0.3.0.97.6
-
cpe:2.3:a:f5:big-ip_domain_name_system:14.1.0.3.0.99.6
-
cpe:2.3:a:f5:big-ip_domain_name_system:14.1.0.5
-
cpe:2.3:a:f5:big-ip_domain_name_system:14.1.0.5.0.15.5
-
cpe:2.3:a:f5:big-ip_domain_name_system:14.1.0.5.0.36.5
-
cpe:2.3:a:f5:big-ip_domain_name_system:14.1.0.5.0.40.5
-
cpe:2.3:a:f5:big-ip_edge_gateway:14.0.0
-
cpe:2.3:a:f5:big-ip_edge_gateway:14.0.0.1
-
cpe:2.3:a:f5:big-ip_edge_gateway:14.0.0.2
-
cpe:2.3:a:f5:big-ip_edge_gateway:14.0.0.3
-
cpe:2.3:a:f5:big-ip_edge_gateway:14.0.0.4
-
cpe:2.3:a:f5:big-ip_edge_gateway:14.1.0
-
cpe:2.3:a:f5:big-ip_edge_gateway:14.1.0.1
-
cpe:2.3:a:f5:big-ip_edge_gateway:14.1.0.2
-
cpe:2.3:a:f5:big-ip_edge_gateway:14.1.0.2.0.45.4
-
cpe:2.3:a:f5:big-ip_edge_gateway:14.1.0.2.0.62.4
-
cpe:2.3:a:f5:big-ip_edge_gateway:14.1.0.5
-
cpe:2.3:a:f5:big-ip_fraud_protection_service:14.0.0
-
cpe:2.3:a:f5:big-ip_fraud_protection_service:14.0.0.1
-
cpe:2.3:a:f5:big-ip_fraud_protection_service:14.0.0.2
-
cpe:2.3:a:f5:big-ip_fraud_protection_service:14.0.0.3
-
cpe:2.3:a:f5:big-ip_fraud_protection_service:14.0.0.4
-
cpe:2.3:a:f5:big-ip_fraud_protection_service:14.1.0
-
cpe:2.3:a:f5:big-ip_fraud_protection_service:14.1.0.1
-
cpe:2.3:a:f5:big-ip_fraud_protection_service:14.1.0.2
-
cpe:2.3:a:f5:big-ip_fraud_protection_service:14.1.0.2.0.45.4
-
cpe:2.3:a:f5:big-ip_fraud_protection_service:14.1.0.2.0.62.4
-
cpe:2.3:a:f5:big-ip_fraud_protection_service:14.1.0.3
-
cpe:2.3:a:f5:big-ip_fraud_protection_service:14.1.0.3.0.79.6
-
cpe:2.3:a:f5:big-ip_fraud_protection_service:14.1.0.3.0.97.6
-
cpe:2.3:a:f5:big-ip_fraud_protection_service:14.1.0.3.0.99.6
-
cpe:2.3:a:f5:big-ip_fraud_protection_service:14.1.0.5.0.15.5
-
cpe:2.3:a:f5:big-ip_fraud_protection_service:14.1.0.5.0.36.5
-
cpe:2.3:a:f5:big-ip_fraud_protection_service:14.1.0.5.0.40.5
-
cpe:2.3:a:f5:big-ip_global_traffic_manager:14.0.0
-
cpe:2.3:a:f5:big-ip_global_traffic_manager:14.0.0.1
-
cpe:2.3:a:f5:big-ip_global_traffic_manager:14.0.0.2
-
cpe:2.3:a:f5:big-ip_global_traffic_manager:14.0.0.3
-
cpe:2.3:a:f5:big-ip_global_traffic_manager:14.1.0
-
cpe:2.3:a:f5:big-ip_global_traffic_manager:14.1.0.1
-
cpe:2.3:a:f5:big-ip_global_traffic_manager:14.1.0.2
-
cpe:2.3:a:f5:big-ip_global_traffic_manager:14.1.0.2.0.45.4
-
cpe:2.3:a:f5:big-ip_global_traffic_manager:14.1.0.2.0.62.4
-
cpe:2.3:a:f5:big-ip_global_traffic_manager:14.1.0.3
-
cpe:2.3:a:f5:big-ip_global_traffic_manager:14.1.0.3.0.79.6
-
cpe:2.3:a:f5:big-ip_global_traffic_manager:14.1.0.3.0.97.6
-
cpe:2.3:a:f5:big-ip_global_traffic_manager:14.1.0.3.0.99.6
-
cpe:2.3:a:f5:big-ip_global_traffic_manager:14.1.0.5
-
cpe:2.3:a:f5:big-ip_global_traffic_manager:14.1.0.5.0.15.5
-
cpe:2.3:a:f5:big-ip_global_traffic_manager:14.1.0.5.0.36.5
-
cpe:2.3:a:f5:big-ip_global_traffic_manager:14.1.0.5.0.40.5
-
cpe:2.3:a:f5:big-ip_link_controller:14.0.0
-
cpe:2.3:a:f5:big-ip_link_controller:14.0.0.1
-
cpe:2.3:a:f5:big-ip_link_controller:14.0.0.2
-
cpe:2.3:a:f5:big-ip_link_controller:14.0.0.3
-
cpe:2.3:a:f5:big-ip_link_controller:14.0.0.4
-
cpe:2.3:a:f5:big-ip_link_controller:14.1.0
-
cpe:2.3:a:f5:big-ip_link_controller:14.1.0.1
-
cpe:2.3:a:f5:big-ip_link_controller:14.1.0.2
-
cpe:2.3:a:f5:big-ip_link_controller:14.1.0.2.0.45.4
-
cpe:2.3:a:f5:big-ip_link_controller:14.1.0.2.0.62.4
-
cpe:2.3:a:f5:big-ip_link_controller:14.1.0.3
-
cpe:2.3:a:f5:big-ip_link_controller:14.1.0.3.0.79.6
-
cpe:2.3:a:f5:big-ip_link_controller:14.1.0.3.0.97.6
-
cpe:2.3:a:f5:big-ip_link_controller:14.1.0.3.0.99.6
-
cpe:2.3:a:f5:big-ip_link_controller:14.1.0.5
-
cpe:2.3:a:f5:big-ip_link_controller:14.1.0.5.0.15.5
-
cpe:2.3:a:f5:big-ip_link_controller:14.1.0.5.0.36.5
-
cpe:2.3:a:f5:big-ip_link_controller:14.1.0.5.0.40.5
-
cpe:2.3:a:f5:big-ip_local_traffic_manager:14.0.0
-
cpe:2.3:a:f5:big-ip_local_traffic_manager:14.0.0.2
-
cpe:2.3:a:f5:big-ip_local_traffic_manager:14.0.0.3
-
cpe:2.3:a:f5:big-ip_local_traffic_manager:14.0.0.4
-
cpe:2.3:a:f5:big-ip_local_traffic_manager:14.1.0
-
cpe:2.3:a:f5:big-ip_local_traffic_manager:14.1.0.1
-
cpe:2.3:a:f5:big-ip_local_traffic_manager:14.1.0.2
-
cpe:2.3:a:f5:big-ip_local_traffic_manager:14.1.0.2.0.45.4
-
cpe:2.3:a:f5:big-ip_local_traffic_manager:14.1.0.2.0.62.4
-
cpe:2.3:a:f5:big-ip_local_traffic_manager:14.1.0.3
-
cpe:2.3:a:f5:big-ip_local_traffic_manager:14.1.0.3.0.79.6
-
cpe:2.3:a:f5:big-ip_local_traffic_manager:14.1.0.3.0.97.6
-
cpe:2.3:a:f5:big-ip_local_traffic_manager:14.1.0.3.0.99.6
-
cpe:2.3:a:f5:big-ip_local_traffic_manager:14.1.0.5
-
cpe:2.3:a:f5:big-ip_local_traffic_manager:14.1.0.5.0.15.5
-
cpe:2.3:a:f5:big-ip_local_traffic_manager:14.1.0.5.0.36.5
-
cpe:2.3:a:f5:big-ip_local_traffic_manager:14.1.0.5.0.40.5
-
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.0.0
-
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.0.0.1
-
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.0.0.2
-
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.0.0.3
-
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.0.0.4
-
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.1.0
-
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.1.0.1
-
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.1.0.2
-
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.1.0.2.0.45.4
-
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.1.0.2.0.62.4
-
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.1.0.3
-
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.1.0.3.0.79.6
-
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.1.0.3.0.97.6
-
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.1.0.3.0.99.6
-
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.1.0.5
-
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.1.0.5.0.15.5
-
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.1.0.5.0.36.5
-
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.1.0.5.0.40.5
-
cpe:2.3:a:f5:big-ip_webaccelerator:14.0.0
-
cpe:2.3:a:f5:big-ip_webaccelerator:14.0.0.1
-
cpe:2.3:a:f5:big-ip_webaccelerator:14.0.0.2
-
cpe:2.3:a:f5:big-ip_webaccelerator:14.0.0.3
-
cpe:2.3:a:f5:big-ip_webaccelerator:14.0.0.4
-
cpe:2.3:a:f5:big-ip_webaccelerator:14.1.0
-
cpe:2.3:a:f5:big-ip_webaccelerator:14.1.0.1
-
cpe:2.3:a:f5:big-ip_webaccelerator:14.1.0.2
-
cpe:2.3:a:f5:big-ip_webaccelerator:14.1.0.2.0.45.4
-
cpe:2.3:a:f5:big-ip_webaccelerator:14.1.0.2.0.62.4
-
cpe:2.3:a:f5:big-ip_webaccelerator:14.1.0.5