Last Modified: Nov 07, 2022
Affected Product:
See more info
BIG-IP AAM, AFM, APM, ASM, AVR, LTM, PEM, PSM, WAM
Known Affected Versions:
11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8
Fixed In:
11.6.1, 11.5.4 HF2, 11.2.1 HF16
Opened: Jan 28, 2016
Severity: 3-Major
Related Article:
K70896130
When a fragmented response is parsed by HTTP, the version field may be incorrectly bounded. HTTP correctly determines the version of the response. However, other filters that re-scan the version field might see a truncated value. The filters then miss-parse the HTTP version.
The detected version of HTTP may be incorrect. Typically, the response is detected as a HTTP/0.9 response rather than the 1.0 or 1.1 response it actually uses.
A fragmented response where the HTTP version field appears in multiple packets. Another filter, for example VDI, re-scans the HTTP version field.
None.
HTTP correctly bounds the response version for other filters to parse.
