CVSS 3.1 Score 7.5 of 10 (high)


Published Feb 14, 2024
CWE ID 131


CVE-2024-23805 is a cyber vulnerability that affects the Traffic Management Microkernel (TMM) in certain F5 products. Specifically, it can occur when the HTTP Analytics profile with URLs enabled under Collected Entities is configured on a virtual server, and the DB variables avr.IncludeServerInURI or avr.CollectOnlyHostnameFromURI are enabled. Additionally, the vulnerability can manifest when a DoS or Bot Defense profile is set up on a virtual server in BIG-IP Advanced WAF and ASM, with the same DB variables enabled. The risk score for this vulnerability is 25, indicating a high severity level. Remediation involves disabling the avr.IncludeServerInURI and avr.CollectOnlyHostnameFromURI variables if they are not needed.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.


Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future

Note: This is just a basic overview providing quick insights into CVE-2024-23805 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future
  • Gain complete coverage of your cyber, third party, and physical attack surface
  • Proactively mitigate threats before they turn into costly attacks
  • Make fast, effective, data-driven decisions