Last Modified: Mar 26, 2025
Affected Product(s):
BIG-IP AFM, Install/Upgrade
Known Affected Versions:
17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4, 17.1.2, 17.1.2.1
Fixed In:
17.5.0
Opened: Oct 07, 2024 Severity: 2-Critical
A number of DoS vectors were added in version 17.1.0 and are set to Mitigate by default. The list of vectors that were added is described in K41305885: BIG-IP AFM DoS vectors https://my.f5.com/manage/s/article/K41305885 These include - TCP ACK (TS) - TCP ACK Flood - TCP Flags Uncommon Additionally, a DoS vector behavior has changed: - Bad TCP Flags Malformed
New DoS attack vectors may be detected. Since not all hardware platforms use hardware-accelerated DoS vectors, this can cause performance problems in the form of intermittent connectivity issues or application slowness that is noticed after the system is upgraded.
-- AFM enabled -- Upgrade to 17.1.0
None
None