CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-23000

On BIG-IP versions 13.1.3.4-13.1.3.6 and 12.1.5.2, if the tmm.http.rfc.enforcement BigDB key is enabled in a BIG-IP system, or the Bad host header value is checked in the AFM HTTP security profile associated with a virtual server, in rare instances, a specific sequence of malicious requests may cause TMM to restart. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 69.5%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 4.3

References

Products affected by CVE-2021-23000

F5 » Big-Ip Access Policy Manager » Version: 12.1.5.2

cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.5.2
F5 » Big-Ip Access Policy Manager » Version: 13.1.3.4

cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.3.4
F5 » Big-Ip Access Policy Manager » Version: 13.1.3.5

cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.3.5
F5 » Big-Ip Advanced Firewall Manager » Version: 12.1.5.2

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.5.2
F5 » Big-Ip Advanced Firewall Manager » Version: 13.1.3.4

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.1.3.4
F5 » Big-Ip Advanced Firewall Manager » Version: 13.1.3.5

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.1.3.5
F5 » Big-Ip Advanced Web Application Firewall » Version: 12.1.5.2

cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:12.1.5.2
F5 » Big-Ip Advanced Web Application Firewall » Version: 13.1.3.4

cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:13.1.3.4
F5 » Big-Ip Advanced Web Application Firewall » Version: 13.1.3.5

cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:13.1.3.5
F5 » Big-Ip Analytics » Version: 12.1.5.2

cpe:2.3:a:f5:big-ip_analytics:12.1.5.2
F5 » Big-Ip Analytics » Version: 13.1.3.4

cpe:2.3:a:f5:big-ip_analytics:13.1.3.4
F5 » Big-Ip Analytics » Version: 13.1.3.5

cpe:2.3:a:f5:big-ip_analytics:13.1.3.5
F5 » Big-Ip Application Acceleration Manager » Version: 12.1.5.2

cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.5.2
F5 » Big-Ip Application Acceleration Manager » Version: 13.1.3.4

cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.1.3.4
F5 » Big-Ip Application Acceleration Manager » Version: 13.1.3.5

cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.1.3.5
F5 » Big-Ip Application Security Manager » Version: 12.1.5.2

cpe:2.3:a:f5:big-ip_application_security_manager:12.1.5.2
F5 » Big-Ip Application Security Manager » Version: 13.1.3.4

cpe:2.3:a:f5:big-ip_application_security_manager:13.1.3.4
F5 » Big-Ip Application Security Manager » Version: 13.1.3.5

cpe:2.3:a:f5:big-ip_application_security_manager:13.1.3.5
F5 » Big-Ip Ddos Hybrid Defender » Version: 12.1.5.2

cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:12.1.5.2
F5 » Big-Ip Ddos Hybrid Defender » Version: 13.1.3.4

cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:13.1.3.4
F5 » Big-Ip Ddos Hybrid Defender » Version: 13.1.3.5

cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:13.1.3.5
F5 » Big-Ip Domain Name System » Version: 12.1.5.2

cpe:2.3:a:f5:big-ip_domain_name_system:12.1.5.2
F5 » Big-Ip Domain Name System » Version: 13.1.3.4

cpe:2.3:a:f5:big-ip_domain_name_system:13.1.3.4
F5 » Big-Ip Domain Name System » Version: 13.1.3.5

cpe:2.3:a:f5:big-ip_domain_name_system:13.1.3.5
F5 » Big-Ip Fraud Protection Service » Version: 12.1.5.2

cpe:2.3:a:f5:big-ip_fraud_protection_service:12.1.5.2
F5 » Big-Ip Fraud Protection Service » Version: 13.1.3.4

cpe:2.3:a:f5:big-ip_fraud_protection_service:13.1.3.4
F5 » Big-Ip Fraud Protection Service » Version: 13.1.3.5

cpe:2.3:a:f5:big-ip_fraud_protection_service:13.1.3.5
F5 » Big-Ip Global Traffic Manager » Version: 12.1.5.2

cpe:2.3:a:f5:big-ip_global_traffic_manager:12.1.5.2
F5 » Big-Ip Global Traffic Manager » Version: 13.1.3.4

cpe:2.3:a:f5:big-ip_global_traffic_manager:13.1.3.4
F5 » Big-Ip Global Traffic Manager » Version: 13.1.3.5

cpe:2.3:a:f5:big-ip_global_traffic_manager:13.1.3.5
F5 » Big-Ip Link Controller » Version: 12.1.5.2

cpe:2.3:a:f5:big-ip_link_controller:12.1.5.2
F5 » Big-Ip Link Controller » Version: 13.1.3.4

cpe:2.3:a:f5:big-ip_link_controller:13.1.3.4
F5 » Big-Ip Link Controller » Version: 13.1.3.5

cpe:2.3:a:f5:big-ip_link_controller:13.1.3.5
F5 » Big-Ip Local Traffic Manager » Version: 12.1.5.2

cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.5.2
F5 » Big-Ip Local Traffic Manager » Version: 13.1.3.4

cpe:2.3:a:f5:big-ip_local_traffic_manager:13.1.3.4
F5 » Big-Ip Local Traffic Manager » Version: 13.1.3.5

cpe:2.3:a:f5:big-ip_local_traffic_manager:13.1.3.5
F5 » Big-Ip Policy Enforcement Manager » Version: 12.1.5.2

cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.5.2
F5 » Big-Ip Policy Enforcement Manager » Version: 13.1.3.4

cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.1.3.4
F5 » Big-Ip Policy Enforcement Manager » Version: 13.1.3.5

cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.1.3.5
F5 » Ssl Orchestrator » Version: 12.1.5.2

cpe:2.3:a:f5:ssl_orchestrator:12.1.5.2
F5 » Ssl Orchestrator » Version: 13.1.3.4

cpe:2.3:a:f5:ssl_orchestrator:13.1.3.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-23000

Products

Pricing

Contact Us