F5 BIG-IP Access Policy Manager (APM) 13.0.0
cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.0:-:*:*:*:*:*:*
part: a version: 13.0.0 update: -
| Vendor | F5 (cb05c4a2-e02e-586f-b9d0-d0370178d1e5) |
|---|---|
| Product | Big Ip Access Policy Manager (78341655-a047-5c86-a17e-6a3bb8e6914c) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2020-5929 | vulnerable | 2026-06-03 14:42:57.667174 | In versions 13.0.0-13.0.0 HF2, 12.1.0-12.1.2 HF1, and 11.6.1-11.6.2, BIG-IP platforms with Cavium Nitrox SSL hardware acceleration cards, a Virtual Server configured with a Client SSL profile, and using Anonymous (ADH) or Ephemeral (DHE) Diffie-Hellman key exchange and Single DH use option not enabled in the options list may be vulnerable to crafted SSL/TLS Handshakes that may result with a PMS (Pre-Master Secret) that starts in a 0 byte and may lead to a recovery of plaintext messages as BIG-IP TLS/SSL ADH/DHE sends different error messages acting as an oracle. Similar error messages when PMS starts with 0 byte coupled with very precise timing measurement observation may also expose this vulnerability. Published: 2020-09-25T13:22:47.000Z. Updated: 2024-08-04T08:47:40.873Z. | Imported from gcve-enriched-dumps CVE data |