Last Modified: Oct 16, 2023
Affected Product(s):
BIG-IP APM
Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3
Fixed In:
13.1.0, 13.0.1
Opened: Jun 30, 2017 Severity: 3-Major
Ping Access Agent processes HTTP requests based on the assumption that the version in the request will be formatted as follows: HTTP/1.0, HTTP/1.1, etc. If the version is invalid and is specificied without a slash, Ping Access Agent generates a core.
Ping Access Agent generates core, which might cause service outage.
This occurs when both of the following conditions are met: -- The HTTP request contains an invalid value for the HTTP version field. -- That provided invalid value does not contain a slash (/) character.
* Write an iRule that uses HTTP request events to detect such invalid requests and to generate an error when encountered (e.g.: "ping_access_agent does not process requests with invalid HTTP version values"). * Attach the iRule to the virtual server. With such an iRule attached to the virtual server, Ping Access Agent will continue to provide the requested service for valid requests.
Ping Access Agent now properly handles requests with invalid HTTP version values.