Last Modified: May 29, 2024
Affected Product(s):
BIG-IP AFM
Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1
Fixed In:
14.0.0, 13.1.1.2
Opened: Dec 11, 2017
Severity: 2-Critical
Related Article:
K43392052
TMM cores when traffic matches a past (saved) dynamic signature of a specific family (network or DNS) after the dynamic signature has been disabled for that family on the parent context (but is still enabled for other families).
Traffic is interrupted while TMM restarts.
This occurs in the following scenario:
-- Enable Network and DNS BDOS simultaneously (on DoS Device config).
-- Generate a dynamic signature that has both network and DNS metrics.
-- Wait for the signature to be moved to the 'past' (persist) state.
-- Disable either network or DNS BDOS (but not both).
-- TMM cores if the traffic matches this signature.
There is no workaround at this time.
In this release, if the dynamic signature is disabled for a specific family on a parent context (but not disabled for other families on that context), any past attack signature for the context is now deleted from the system.