Last Modified: Oct 17, 2023
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
14.1.2, 14.1.2.1, 14.1.2.2, 15.0.1
Fixed In:
15.1.0, 15.0.1.1, 14.1.2.3
Opened: Aug 16, 2019 Severity: 3-Major
When HTTP response has neither Content-Length nor Transfer-Encoding and has a body, BIG-IP closes a connection to designate end of the response body. HTTP protocol allows to send HEAD request instead of GET request to obtain a response headers only (without). BIG-IP erroneously closes a connection when a response to HEAD request lacks both Content-Length and Transfer-Encoding.
Connection closes and a client may not repeat the corresponding GET request on another connection.
BIG-IP has a virtual server configured to use an HTTP profile. The server response does not include the Content-Length or Transfer-Encoding headers in response to a HEAD request, and both client and server sides expects the communication to continue over the same connection.
None
Connection keeps opened when an unsized response provided to a HEAD request.