Last Modified: Oct 17, 2023
Known Affected Versions:
14.1.2, 220.127.116.11, 18.104.22.168, 15.0.1
15.1.0, 22.214.171.124, 126.96.36.199
Opened: Aug 16, 2019 Severity: 3-Major
When HTTP response has neither Content-Length nor Transfer-Encoding and has a body, BIG-IP closes a connection to designate end of the response body. HTTP protocol allows to send HEAD request instead of GET request to obtain a response headers only (without). BIG-IP erroneously closes a connection when a response to HEAD request lacks both Content-Length and Transfer-Encoding.
Connection closes and a client may not repeat the corresponding GET request on another connection.
BIG-IP has a virtual server configured to use an HTTP profile. The server response does not include the Content-Length or Transfer-Encoding headers in response to a HEAD request, and both client and server sides expects the communication to continue over the same connection.
Connection keeps opened when an unsized response provided to a HEAD request.