CVE-2018-5514

high

Description

On F5 BIG-IP 13.1.0-13.1.0.5, maliciously crafted HTTP/2 request frames can lead to denial of service. There is data plane exposure for virtual servers when the HTTP2 profile is enabled. There is no control plane exposure to this issue.

References

https://support.f5.com/csp/article/K45320419

http://www.securitytracker.com/id/1040804

http://www.securityfocus.com/bid/104097

Details

Source: Mitre, NVD

Published: 2018-05-02

Updated: 2018-06-13

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High