Bug ID 868889: BIG-IP may reset a stream with an empty DATA frame as END_STREAM

Last Modified: Jan 22, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.4, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 15.0.0, 15.0.1, 15.0.1.1

Opened: Jan 14, 2020
Severity: 3-Major

Symptoms

HTTP/2 defines END_STREAM flag in a frame as an end of a stream. A peer can send an empty (with no payload) DATA frame to designate a last one in a stream. When BIG-IP receives an empty DATA frame, it handles it incorrectly, sending RST_STREAM to a client.

Impact

The BIG-IP system may reset the stream.

Conditions

-- The BIG-IP system has a virtual server configured with an HTTP/2 profile on the client side. -- The client sends a request containing a payload over a stream, ending the stream with empty DATA frame.

Workaround

A client should resend the request handling more data.

Fix Information

None

Behavior Change