Bug ID 671883: [APM] Ping Access Agent does not correctly handle HTTP request with invalid version

Last Modified: Nov 07, 2022

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3

Fixed In:
13.1.0, 13.0.1

Opened: Jun 30, 2017

Severity: 3-Major


Ping Access Agent processes HTTP requests based on the assumption that the version in the request will be formatted as follows: HTTP/1.0, HTTP/1.1, etc. If the version is invalid and is specificied without a slash, Ping Access Agent generates a core.


Ping Access Agent generates core, which might cause service outage.


This occurs when both of the following conditions are met: -- The HTTP request contains an invalid value for the HTTP version field. -- That provided invalid value does not contain a slash (/) character.


* Write an iRule that uses HTTP request events to detect such invalid requests and to generate an error when encountered (e.g.: "ping_access_agent does not process requests with invalid HTTP version values"). * Attach the iRule to the virtual server. With such an iRule attached to the virtual server, Ping Access Agent will continue to provide the requested service for valid requests.

Fix Information

Ping Access Agent now properly handles requests with invalid HTTP version values.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips