Bug ID 481216: Fallback may be attempted incorrectly in an abort after an Early Server Response

Last Modified: Oct 17, 2023

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.5.3 HF1, 11.5.3 HF2, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.1, 11.5.2, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
12.0.0, 11.6.0 HF5, 11.5.3

Opened: Sep 25, 2014

Severity: 3-Major

Symptoms

After an Early Server Response, the BIG-IP system might attempt to generate a fallback response if an error occurs. However, the response has already partially egressed, so this does not work correctly.

Impact

The server-side might read HTTP data structures after they have already been freed. A fallback can be generated on the server-side, leading to a use-after-free if the client side has already aborted.

Conditions

Fallback configured or enabled by an iRule. An early server response triggers an error that leads to an Abort being raised. The Abort triggers a fallback response inappropriately.

Workaround

None

Fix Information

A fallback response is no longer inappropriately generated after an error after an Early Server Response.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips