Product:

Big\-Ip_service_proxy

(F5)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 3
Date Id Summary Products Score Patch Annotated
2023-02-01 CVE-2023-22664 On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, and BIG-IP SPK starting in version 1.6.0, when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Big\-Ip_access_policy_manager, Big\-Ip_advanced_firewall_manager, Big\-Ip_analytics, Big\-Ip_application_acceleration_manager, Big\-Ip_application_security_manager, Big\-Ip_ddos_hybrid_defender, Big\-Ip_domain_name_system, Big\-Ip_fraud_protection_service, Big\-Ip_link_controller, Big\-Ip_local_traffic_manager, Big\-Ip_policy_enforcement_manager, Big\-Ip_service_proxy, Big\-Ip_ssl_orchestrator 7.5
2023-02-01 CVE-2023-23555 On BIG-IP Virtual Edition versions 15.1x beginning in 15.1.4 to before 15.1.8 and 14.1.x beginning in 14.1.5 to before 14.1.5.3, and BIG-IP SPK beginning in 1.5.0 to before 1.6.0, when FastL4 profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Big\-Ip_access_policy_manager, Big\-Ip_advanced_firewall_manager, Big\-Ip_analytics, Big\-Ip_application_acceleration_manager, Big\-Ip_application_security_manager, Big\-Ip_ddos_hybrid_defender, Big\-Ip_domain_name_system, Big\-Ip_fraud_protection_service, Big\-Ip_link_controller, Big\-Ip_local_traffic_manager, Big\-Ip_policy_enforcement_manager, Big\-Ip_service_proxy, Big\-Ip_ssl_orchestrator 7.5
2021-11-11 CVE-2002-20001 The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must... Dheater, Big\-Ip_access_policy_manager, Big\-Ip_advanced_firewall_manager, Big\-Ip_advanced_web_application_firewall, Big\-Ip_analytics, Big\-Ip_application_acceleration_manager, Big\-Ip_application_security_manager, Big\-Ip_application_visibility_and_reporting, Big\-Ip_carrier\-Grade_nat, Big\-Ip_ddos_hybrid_defender, Big\-Ip_domain_name_system, Big\-Ip_edge_gateway, Big\-Ip_fraud_protection_service, Big\-Ip_global_traffic_manager, Big\-Ip_link_controller, Big\-Ip_local_traffic_manager, Big\-Ip_policy_enforcement_manager, Big\-Ip_service_proxy, Big\-Ip_ssl_orchestrator, Big\-Ip_webaccelerator, Big\-Ip_websafe, Big\-Iq_centralized_management, F5os\-A, F5os\-C, Traffix_signaling_delivery_controller, Arubaos\-Cx, Scalance_w1750d_firmware, Stormshield_management_center, Stormshield_network_security, Linux_enterprise_server 7.5