Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP AFM
Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 13.1.5, 13.1.5.1
Opened: May 19, 2016 Severity: 2-Critical
If an ACL iRule with virtual command is triggered and redirect the traffic back to the same virtual server, it can form a infinite recursion and cause tmm crash.
Traffic disrupted while tmm restarts.
ACL uses an iRule that chooses a virtual server inside CLIENT_ACCEPTED.
iRules should be self-limiting as following to avoid infinite recursion: when CLIENT_ACCEPTED { if {[TCP::local_port] == 666 } { log "=== Redirection Port [TCP::local_port] client port [TCP::remote_port] " log local0. "virtual name is [virtual name]" set my_virtual_name "/Common/VS3" if { [virtual name] ne $my_virtual_name } { virtual $my_virtual_name } else { log local0. "preventing recursive call" } } }
None