How severe is CVE-2017-6163?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2017-6163?

This is classified as CWE-119, which is a common weakness in software security.

CVE-2017-6163 - MEDIUM Severity | CVSS 5.9

Vulnerability Description

In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, when a virtual server uses the standard configuration of HTTP/2 or SPDY profile with Client SSL profile, and the client initiates a number of concurrent streams beyond the advertised limit can cause a disruption of service. Remote client initiating stream beyond the advertised limit can cause a disruption of service. The Traffic Management Microkernel (TMM) data plane is exposed to this issue; the control plane is not exposed.

Related Vulnerabilities

CVE-2013-5571

MEDIUM

CVSS:5.9(Medium)

HMailServer 5.3.x and prior: Memory Corruption which could cause DOS

CWE-1192013

CVE-2015-5314

MEDIUM

CVSS:5.9(Medium)

The eap_pwd_process function in eap_server/eap_server_pwd.c in hostapd 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when used with (1) an internal...

CWE-1192015

CVE-2015-5315

MEDIUM

CVSS:5.9(Medium)

The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when EAP-pwd is enabled in a net...

CWE-1192015

CVE-2015-8878

MEDIUM

CVSS:5.9(Medium)

main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5.6.12 does not ensure thread safety, which allows remote attackers to cause a denial of service (race condition and heap memory co...

CWE-1192015

CVE-2016-0771

MEDIUM

CVSS:5.9(Medium)

The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4, when an AD DC is configured, allows remote authenticated users to cause a denial ...

CWE-1192016

CVE-2016-2519

MEDIUM

CVSS:5.9(Medium)

ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a ...

CWE-1192016