Last Modified: Jul 12, 2023
BIG-IP APM, LTM, PEM
Known Affected Versions:
14.0.0, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 14.0.1, 126.96.36.199, 14.1.0, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 14.1.2, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 15.0.0, 15.0.1, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52
Opened: May 13, 2019 Severity: 2-Critical
An ICAP request (REQMOD or RESPMOD) body goes out to the ICAP server as far as a preview. If the server responds 100-continue, only a single chunk of the remaining payload might be sent to the server. Eventually the connection times out.
Only the first chunk of payload is sent after the preview, and eventually the connection times out.
-- An ICAP profile is configured with a preview. -- The HTTP request or response to be modified has a body that is more than one chunk longer than the preview length, yet short enough to be completely buffered in BIG-IP system before the preview is sent to the ICAP server. -- The ICAP server responds with 100-continue.
The BIG-IP system now sends the complete ICAP request to the server, and the transaction completes normally.