CVE-2017-0303

high

CVSS v3 Base Score

7.5

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

2.4%

Exploitation probability in 30 days

Top 15% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Confidentiality

None

Integrity

None

Availability

High

Published: October 27, 2017 (3120 days ago)

Last Modified: May 13, 2026

Vendor: F5

Source: NVD

Description

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2 and 11.5.1 to 11.6.1, under limited circumstances connections handled by a Virtual Server with an associated SOCKS profile may not be properly cleaned up, potentially leading to resource starvation. Connections may be left in the connection table which then can only be removed by restarting TMM. Over time this may lead to the BIG-IP being unable to process further connections.

CWE

CWE-459

Affected Products

f5 big-ip local traffic managerf5 big-ip application acceleration managerf5 big-ip advanced firewall managerf5 big-ip access policy managerf5 big-ip application security managerf5 big-ip link controllerf5 big-ip policy enforcement managerf5 big-ip websafe

References

🔗 www.securityfocus.com 🔗 www.securitytracker.com 🔗 support.f5.com 🔗 www.securityfocus.com 🔗 www.securitytracker.com

CVE-2017-0303

Vulnerability Report

Description

CWE

Affected Products

References