Bug ID 481216: Fallback may be attempted incorrectly in an abort after an Early Server Response

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4

Fixed In:
12.0.0, 11.6.0 HF5, 11.5.3

Opened: Sep 25, 2014
Severity: 3-Major

Symptoms

After an Early Server Response, the BIG-IP system might attempt to generate a fallback response if an error occurs. However, the response has already partially egressed, so this does not work correctly.

Impact

The server-side might read HTTP data structures after they have already been freed. A fallback can be generated on the server-side, leading to a use-after-free if the client side has already aborted.

Conditions

Fallback configured or enabled by an iRule. An early server response triggers an error that leads to an Abort being raised. The Abort triggers a fallback response inappropriately.

Workaround

None

Fix Information

A fallback response is no longer inappropriately generated after an error after an Early Server Response.

Behavior Change

Have a question?

About F5

Education

F5 sites

Support Tasks

© F5, Inc. All rights reserved. Policies | Privacy | Trademarks