Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:f5:arx:6.3.0:*:*:*:*:*:*:*
There are 3 matching records.
Displaying matches 1 through 3.
Vuln ID Summary CVSS Severity

The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929.

Published: February 21, 2020; 1:15:11 PM -0500
V3.1: 5.9 MEDIUM
V2.0: 4.3 MEDIUM

The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 11.2.1 before HF11 and Enterprise Manager 3.x before 3.1.1 HF2, when configured in failover mode, does not require authentication, which allows remote attackers to read or write to arbitrary files via a cmi request to the ConfigSync IP address.

Published: October 15, 2014; 10:55:06 AM -0400
V3.x:(not available)
V2.0: 9.3 HIGH

The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets.

Published: May 24, 2012; 7:55:02 PM -0400
V3.1: 9.1 CRITICAL
V2.0: 6.4 MEDIUM