Last Modified: May 11, 2022
Affected Product: BIG-IP ASM
Opened: May 10, 2022
Severity: 3-Major
HTTP tunneling with the CONNECT method might cause BD to hang during the ingress process under the right conditions. This results in occupation of the XDATA, which may eventually lead to a TMM core due to low memory.
The connection stays open between the enforcer and the client after a response violation is received. Traffic disrupted while tmm restarts.
A virtual server that does not support the HTTP CONNECT method is attached to an ASM policy with an "Illegal method" violation set to not blocking and "Illegal HTTP status in response" set to blocking.
Set "Illegal method" to blocking in the ASM policy.
None