

Rewterz Threat Advisory – Mozilla Firefox / Firefox ESR Multiple Vulnerabilities
March 25, 2019
Rewterz Threat Advisory – F5 Multiple Products glibc Denial of Service Vulnerability
March 26, 2019
Rewterz Threat Advisory – Mozilla Firefox / Firefox ESR Multiple Vulnerabilities
March 25, 2019
Rewterz Threat Advisory – F5 Multiple Products glibc Denial of Service Vulnerability
March 26, 2019Severity
Low
Analysis Summary
CVE-2019-6465
Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable. An attacker can exploit this vulnerability to request and receive a zone transfer of a DLZ that bypasses the allow-transfer access control list.
Impact
Security Bypass
Affected Products
F5 BIG-IP Local Traffic Manager (LTM) 11.x
F5 BIG-IP Application Security Manager (ASM) 11.x
F5 BIG-IP Local Traffic Manager (LTM) 12.x
F5 BIG-IP Application Security Manager (ASM) 12.x
F5 BIG-IP Local Traffic Manager (LTM) 13.x
F5 BIG-IP Application Security Manager (ASM) 13.x
F5 BIG-IP Local Traffic Manager (LTM) 14.x
F5 TMOS 11.x
F5 BIG-IP Global Traffic Manager (GTM) 11.x
F5 BIG-IP Access Policy Manager (APM) 11.x
F5 BIG-IP Application Acceleration Manager (AAM) 11.x
F5 BIG-IP Advanced Firewall Manager (AFM) 11.x
F5 BIG-IP Analytics (AVR) 11.x
F5 BIG-IP Link Controller 11.x
F5 BIG-IP Policy Enforcement Manager (PEM) 11.x
F5 BIG-IP Access Policy Manager (APM) 12.x
F5 BIG-IP Access Policy Manager (APM) 13.x
F5 BIG-IP Advanced Firewall Manager (AFM) 12.x
F5 BIG-IP Advanced Firewall Manager (AFM) 13.x
F5 TMOS 12.x
F5 BIG-IP DNS (formerly Global Traffic Manager (GTM)) 12.x
Remediation
Update to a fixed version of the products.
BIG-IP LTM versions 14.x:
Update to version 14.1.0.2.
BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM versions 11.x:
Update to version 11.5.9 or 11.6.4.