CVSS 3.1 Score 7.5 of 10 (high)


Published Feb 14, 2024
CWE ID 131


CVE-2024-23805 is a cyber vulnerability that affects the Traffic Management Microkernel (TMM) in certain F5 products. Specifically, it can occur when the HTTP Analytics profile with URLs enabled under Collected Entities is configured on a virtual server, and the DB variables avr.IncludeServerInURI or avr.CollectOnlyHostnameFromURI are enabled. Additionally, the vulnerability can manifest when a DoS or Bot Defense profile is set up on a virtual server in BIG-IP Advanced WAF and ASM, with the same DB variables enabled. The risk score for this vulnerability is 25, indicating a high severity level. Remediation involves disabling the avr.IncludeServerInURI and avr.CollectOnlyHostnameFromURI variables if they are not needed.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-23805 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options