Last Modified: Oct 07, 2025
Affected Product(s):
BIG-IP AFM
Known Affected Versions:
17.5.0, 17.5.1
Fixed In:
17.5.1.2
Opened: Jan 15, 2025 Severity: 2-Critical
Nxdomain domain eg:nxdomain.example.com is added into allow list. This causes tmctl nxdomain vector stats to not be accounted for, even when the client receives a response as nxdomain.
Tmctl stats for nxdomain vector is not accurate.
-- An nxdomain DoS vector is triggered -- The nxdomain is later added to the allow list
None
None