F5 Networks BIG-IP : SSL Forward Proxy vulnerability (K20134942)
High Nessus Plugin ID 118637
Synopsis
The remote device is missing a vendor-supplied security patch.
Description
A remote attacker using undisclosed methods againstvirtual servers
configured with a Client SSL or Server SSL profile that has the SSL
Forward Proxy feature enabled can force the Traffic Management
Microkernel (TMM) to leak memory. As a result, system memory usage
increases over time, which may eventually cause a decrease in
performance or a system reboot due to memory exhaustion.
(CVE-2018-5527)
Impact
This vulnerability allows a remote attacker to disrupt service.
Solution
Upgrade to one of the non-vulnerable versions listed in the F5
Solution K20134942.