What is CVE-2017-0302?

CVE-2017-0302 is a medium-severity vulnerability in F5 Big-ip_access_policy_manager, classified under Incorrect Access of Indexable Resource ('Range Error'). CVSS score: 5.3/10. Published 2017-05-09.

How severe is CVE-2017-0302?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Vulnerability in F5 Big-ip_access_policy_manager

CVE-2017-0302

In F5 BIG-IP APM 12.0.0 through 12.1.2 and 13.0.0, an authenticated user with an established access session to the BIG-IP APM system may be able to cause a traffic disruption if the length of the requested URL is less than 16 characters.

EPSS: 0.003 (54.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H.

Affected products

F5 Big-ip_access_policy_manager — versions 12.0.0, 12.1.0, 12.1.1
F5 Networks, Inc. Big-ip Apm — versions 12.0.0 - 12.1.2, 13.0.0

Weakness classification (CWE)

CWE-118 — Incorrect Access of Indexable Resource ('Range Error')

References

f5sirt@f5.com (vdb-entry, x_refsource_SECTRACK)
f5sirt@f5.com (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2017-0302?: CVE-2017-0302 is a medium-severity vulnerability in F5 Big-ip_access_policy_manager, classified under Incorrect Access of Indexable Resource ('Range Error'). CVSS score: 5.3/10. Published 2017-05-09.
How severe is CVE-2017-0302?: Medium severity. CVSS v3 base score is 5.3 out of 10.