Bug ID 868889: BIG-IP may reset a stream with an empty DATA frame as END_STREAM

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4

Fixed In:
14.1.2.5

Opened: Jan 14, 2020

Severity: 3-Major

Symptoms

HTTP/2 defines END_STREAM flag in a frame as an end of a stream. A peer can send an empty (with no payload) DATA frame to designate a last one in a stream. When BIG-IP receives an empty DATA frame, it handles it incorrectly, sending RST_STREAM to a client.

Impact

The BIG-IP system may reset the stream.

Conditions

-- The BIG-IP system has a virtual server configured with an HTTP/2 profile on the client side. -- The client sends a request containing a payload over a stream, ending the stream with empty DATA frame.

Workaround

A client should resend the request handling more data.

Fix Information

When empty DATA frame with END_STREAM flag is handled by the BIG-IP system, it terminates the stream accordingly.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips