Last Modified: Apr 24, 2024
Affected Product(s):
BIG-IP (all modules)
Known Affected Versions:
16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3
Opened: Feb 23, 2023 Severity: 3-Major
When an LTM policy uses server-name as the condition to route traffic to different virtual servers, the expected virtual server is not always chosen.
The traffic is routed through a different virtual server than the expected one.
The issue can be seen when the following are true: 1. BIG-IP has more than one virtual server. 2. There is an LTM policy with server-name based conditions and actions.
This issue only affects requests involving TLSv1 protocol negotiation. Enforcing usage of TLSv1.1 or higher protocol version can prevent the issue.
None