Bug ID 738669: Login validation may fail for a large request with early server response

Last Modified: Jun 04, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP FPS(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5

Fixed In:
14.1.0, 13.1.1.2, 12.1.3.7

Opened: Jul 30, 2018
Severity: 3-Major

Symptoms

in case of large request/response, if FPS needs to store ingress and ingress chunks in buffer for additional processing (ingress :: for parameter parsing, egress :: for login validation's banned/mandatory strings check or scripts injection), if the server responds fast enough, the buffer may contain mixed parts of request/response. This may have several effects, from incorrectly performing login-validation to generating a tmm core file.

Impact

This results in one or more of the following: -- Login validation failure/skip. -- Bad response/script injection. -- tmm core. In this case, traffic is disrupted while tmm restarts.

Conditions

-- Login validation is enabled and configured to check for banned/mandatory string. -- A username parameter is configured. -- There are no parameters configured for encrypt/HTML Field Obfuscation (HFO), and no decoy parameters. -- There is a large request and response. -- The system response very quickly.

Workaround

None.

Fix Information

FPS now handles ingress/egress buffers separately, so this issue no longer occurs.

Behavior Change