Last Modified: Nov 07, 2022
Known Affected Versions:
4.5.0, 4.5.0 HF1, 4.5.0 HF2, 4.5.0 HF3
Opened: Apr 06, 2015 Severity: 2-Critical
Users cannot download large files of size more greater than 32MB due to restricted memory available for the REST daemon on BIG-IP
Possible denial of service attack because of the out of memory in REST daemon.
Users requesting file download of size more than 32 MB through REST
No known workaround. Mitigation was to error out file download request larger than 1 MB and enforce Content-Range based chunked download for larger files.
Previously REST daemon was attempting to load large files into memory even though there may not be enough memory as well as file size is exceeding upper limit 32 MB on the Rest Operation. This fix prevents REST daemon from loading any file larger than 1 MB without smaller chunks and possible denial of service attacks because of the out of memory.