Last Modified: Sep 23, 2021
See more info
Known Affected Versions:
16.1.0, 184.108.40.206, 16.0.1, 220.127.116.11, 16.0.0, 15.1.4, 15.1.3, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 14.1.4, 13.1.4, 18.104.22.168, 22.214.171.124, 126.96.36.199
Opened: Apr 28, 2021
HTTP header corruption occurs after insertion/modification using an iRule in HTTP Headers which contain mixed end-of-line markers <CRLF> and <LF>.
Inserted headers get concatenated in such a way that the HTTP request header gets corrupted.
- HTTP virtual server - An iRule, policy or profile inserts an HTTP Request header - Such as x-forwarded-for - An HTTP request contains some lines that end with <CRLF> and some that end with <LF>
Use HTTP headers with proper end-of-line markers in compliance with HTTP RFC