Last Modified: Dec 15, 2020
Affected Product:
See more info
BIG-IP All
Known Affected Versions:
11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1
Fixed In:
11.6.0, 11.5.4 HF2, 11.4.1 HF6
Opened: Apr 14, 2014
Severity: 3-Major
Related AskF5 Article:
K16711
Traffic matches the wrong rule in Centralized Policy Management (CPM) policy. User traffic is matching either uri or host headers to rules that should not match the header.
Misclassification and forwarding of traffic.
This issue is caused by long list of hosts in certain rules resulting in wrong execution of statemachine due to wraparound in shifting.
This issue has no workaround at this time.
A range check has now been added to correctly classify and forward traffic in the case of incorrect rules in CPM policies.