Description
When a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, and an iRule using the HTTP_REQUEST event or Local Traffic Policy are associated with the virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Affected products
- F5 / BIG-IP17.1.0 – 17.1.0.3.0.23.4-ENG
- F5 / BIG-IP16.1.0 – 16.1.4.1.0.13.5-ENG
- F5 / BIG-IP15.1.0 – *
- F5 / BIG-IP14.1.0 – *
- F5 / BIG-IP13.1.0 – *
- F5 / BIG-IP Next SPK1.6.0 – *