Last Modified: Jul 24, 2024
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6, 13.1.4.1, 13.1.5, 13.1.5.1, 14.1.4.4, 14.1.4.5, 14.1.4.6, 14.1.5, 14.1.5.1, 14.1.5.2, 14.1.5.3, 14.1.5.4, 14.1.5.6, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 16.0.1.2, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3
Fixed In:
17.0.0, 16.1.5, 15.1.10
Opened: Nov 03, 2021 Severity: 3-Major
LTM policy engine compiles a policy into a state machine. If there is a variation of the same case insensitive value for an operand, the state machine may fail to properly build all rules, using this value. An example of a variation is a list of words like "Myself", "myself", "MYself", "mySElf", "MYSELF".
An expected rule does not apply: either a wrong rule is applied, or no rule is applied, causing incorrect traffic processing.
-- LTM policy is configured and attached to a virtual server. -- The policy has variation in a case insensitive value of an operand.
Eliminate variation in any case insensitive value of any operand. For example, replace all variations in the mentioned list with "myself".
When there is a variation in a case insensitive value of an operand, BIG-IP will correctly handle it and compiles the policy so the rules with the variations are correctly applied to processing traffic.