Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP All
Known Affected Versions:
11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1
Fixed In:
11.6.0, 11.5.4 HF2, 11.4.1 HF6
Opened: Apr 14, 2014 Severity: 3-Major Related Article:
K16711
Traffic matches the wrong rule in Centralized Policy Management (CPM) policy. User traffic is matching either uri or host headers to rules that should not match the header.
Misclassification and forwarding of traffic.
This issue is caused by long list of hosts in certain rules resulting in wrong execution of statemachine due to wraparound in shifting.
This issue has no workaround at this time.
A range check has now been added to correctly classify and forward traffic in the case of incorrect rules in CPM policies.