

Rewterz Threat Advisory – F5 Multiple Products Bind Security Bypass Vulnerability
March 26, 2019
Rewterz Threat Alert – Account Themed Malspam – Threat Indicators
March 26, 2019
Rewterz Threat Advisory – F5 Multiple Products Bind Security Bypass Vulnerability
March 26, 2019
Rewterz Threat Alert – Account Themed Malspam – Threat Indicators
March 26, 2019Severity
Medium
Analysis Summary
CVE-2009-5155
In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.
Impact
Denial of Service
Affected Products
F5 BIG-IP Local Traffic Manager (LTM) 11.x
F5 BIG-IP Application Security Manager (ASM) 11.x
F5 BIG-IP Local Traffic Manager (LTM) 12.x
F5 BIG-IP Application Security Manager (ASM) 12.x
F5 BIG-IP Local Traffic Manager (LTM) 13.x
F5 BIG-IP Application Security Manager (ASM) 13.x
F5 BIG-IQ Centralized Management 5.x
F5 BIG-IP Local Traffic Manager (LTM) 14.x
F5 TMOS 11.x
F5 BIG-IP Global Traffic Manager (GTM) 11.x
F5 Enterprise Manager 3.x
F5 BIG-IP Access Policy Manager (APM) 11.x
F5 BIG-IP Application Acceleration Manager (AAM) 11.x
F5 BIG-IP Advanced Firewall Manager (AFM) 11.x
F5 BIG-IP Analytics (AVR) 11.x
F5 BIG-IP Link Controller 11.x
F5 BIG-IP Policy Enforcement Manager (PEM) 11.x
F5 BIG-IP Access Policy Manager (APM) 12.x
F5 BIG-IP Access Policy Manager (APM) 13.x
F5 BIG-IP Advanced Firewall Manager (AFM) 12.x
F5 BIG-IP Advanced Firewall Manager (AFM) 13.x
F5 TMOS 12.x
F5 BIG-IP DNS (formerly Global Traffic Manager (GTM)) 12.x
Remediation
Vendor has not released any patches/updates for the following products.