Bug ID 570617: HTTP parses fragmented response versions incorrectly

Last Modified: Oct 17, 2023

Affected Product(s):
BIG-IP AAM, AFM, APM, ASM, AVR, LTM, PEM, PSM, WAM(all modules)

Known Affected Versions:
11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.6.0

Fixed In:
11.6.1, 11.5.4 HF2, 11.2.1 HF16

Opened: Jan 28, 2016

Severity: 3-Major

Related Article: K70896130

Symptoms

When a fragmented response is parsed by HTTP, the version field may be incorrectly bounded. HTTP correctly determines the version of the response. However, other filters that re-scan the version field might see a truncated value. The filters then miss-parse the HTTP version.

Impact

The detected version of HTTP may be incorrect. Typically, the response is detected as a HTTP/0.9 response rather than the 1.0 or 1.1 response it actually uses.

Conditions

A fragmented response where the HTTP version field appears in multiple packets. Another filter, for example VDI, re-scans the HTTP version field.

Workaround

None.

Fix Information

HTTP correctly bounds the response version for other filters to parse.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips