Bug ID 671883: [APM] Ping Access Agent does not correctly handle HTTP request with invalid version

Last Modified: Oct 10, 2018

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3

Fixed In:
13.1.0, 13.0.1

Opened: Jun 30, 2017
Severity: 3-Major

Symptoms

Ping Access Agent processes HTTP requests based on the assumption that the version in the request will be formatted as follows: HTTP/1.0, HTTP/1.1, etc. If the version is invalid and is specificied without a slash, Ping Access Agent generates a core.

Impact

Ping Access Agent generates core, which might cause service outage.

Conditions

This occurs when both of the following conditions are met: -- The HTTP request contains an invalid value for the HTTP version field. -- That provided invalid value does not contain a slash (/) character.

Workaround

* Write an iRule that uses HTTP request events to detect such invalid requests and to generate an error when encountered (e.g.: "ping_access_agent does not process requests with invalid HTTP version values"). * Attach the iRule to the virtual server. With such an iRule attached to the virtual server, Ping Access Agent will continue to provide the requested service for valid requests.

Fix Information

Ping Access Agent now properly handles requests with invalid HTTP version values.

Behavior Change