Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP All
Known Affected Versions:
11.4.1
Fixed In:
11.6.0, 11.5.4 HF2, 11.4.1 HF6
Opened: Apr 14, 2014 Severity: 3-Major Related Article:
K16711
Traffic matches the wrong rule in Centralized Policy Management (CPM) policy. User traffic is matching either uri or host headers to rules that should not match the header.
Misclassification and forwarding of traffic.
This issue is caused by long list of hosts in certain rules resulting in wrong execution of statemachine due to wraparound in shifting.
This issue has no workaround at this time.
A range check has now been added to correctly classify and forward traffic in the case of incorrect rules in CPM policies.