Last Modified: Nov 07, 2022
Affected Product:
See more info
BIG-IP LTM
Known Affected Versions:
11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3
Fixed In:
12.0.0
Opened: Jan 15, 2015
Severity: 3-Major
When there is an error in a payload chunk header of a response from the ICAP server, the BIG-IP system might hang, awaiting more data from the server, and silently drop the remainder of the response as if the response is incomplete.
The BIG-IP system might silently drop the remainder of the response as if it was incomplete.
There is an error in the chunking of the ICAP server response, where the header specifies a chunk size less than the actual chunk data size, such that there is more data beyond where the next chunk header is expected.
Ensure the ICAP server is chunking correctly.
When there is an error in a payload chunk header of a response from the ICAP server, the BIG-IP system detects an error and aborts (RST) the connection to the ICAP server, and performs the configured service-down-action on the HTTP virtual server (the service-down-action is configured in the request-adapt or response-adapt profile).
