Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP APM
Known Affected Versions:
11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4
Opened: Jan 13, 2015 Severity: 3-Major
Session variable set from irule is sometimes corrupted for processing during access policy.
Alternates between success and failure.
Start -> irule event -> DACL load success -> message box ACL load success -> deny failure -> message box ACL load failure -> deny The irule sets a session variable (DACL data) from a plain static block of text. When we look at sessiondump, we can see that the affected acl sessvar has partially truncated data that fails during the DACL parsing.
Split the big ACL into multiple smaller ones.
None