Last Modified: Jul 12, 2023
Affected Product(s):
BIG-IP AFM
Known Affected Versions:
11.3.0
Fixed In:
11.5.0
Opened: Sep 14, 2013 Severity: 3-Major Related Article:
K15499
It is possible to attach a DoS profile that has DNS settings to a virtual-server that doesn't have a DNS profile. The result will be that DNS security doesn't really take place but a user is unaware of this scenario any may think that he has a DoS protection on that VIP. Virtual servers are not protected against DNS and SIP DoS attacks despite the attached dos profiles having corresponding DNS and SIP embedded profiles configured.
Virtual servers aren't protected versus SIP and DNS DoS attacks due to non validated misconfiguration.
Virtual servers are attached with dos profiles having corresponding DNS and/ or SIP embedded profiles configured but not attached with DNS and/ or SIP profiles.
Make sure SIP and/or DNS profiles are attached to the virtual servers.
The system now validates a virtual server to which a DNS DoS and/or SIP DoS profile is assigned, to ensure that the virtual server includes a SIP or DNS profile.