Last Modified: Jul 12, 2023
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4
Fixed In:
14.1.0, 14.0.0.5, 13.1.1.2
Opened: Jun 17, 2018 Severity: 3-Major
When ASM inspects WebSocket frames, the bd daemon memory is leaking; eventually ASM stops inspecting traffic and sends resets or bypass requests.
ASM may reset connections; failover might occur.
ASM module is provisioned. -- ASM policy and WebSocket profile are attached to a virtual server. -- WebSocket URL has JSON profile attached to it. -- JSON profile has parse parameters flag enabled (this is the default).
There are two workarounds: -- Remove JSON profile from WebSocket URL in the ASM policy. -- Disable parse parameters flag in the json profile.
The system now frees the allocated memory when it finishes the inspect of a WebSocket frame.