F5 BIG-IP LTM HTTP Denial of Service Vulnerability


Description   A denial of service vulnerability has been identified in F5 BIG-IP LTM. A remote attacker could exploit it by sending specially crafted HTTP requests in order to make the HTTP server hang and eventually time out. The vulnerability is due to the bad handling of an improperly formatted protocol version in HTTP requests.
     
Vulnerable Products   Vulnerable OS:
BIG-IP LTM (F5) - 10.1.0, 10.2.0, 10.2.1, 10.2.1 HF1, 10.2.1 HF2, ..., 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5
     
Solution   - 10.2.4 HF12.
     
CVE  
     
References   - sol16672 : An improperly formatted HTTP request-line may cause connections to hang and eventually timeout
https://support.f5.com/kb/en-us/solutions/public/16000/600/sol16672.html
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm: Invalid HTTP protocol
Available Since: 3.2.0
     


 
 
 
 
 Risk level 
Moderate 

 Vulnerability First Public Report Date 
2015-10-23 

 Target Type 
Server 

 Possible exploit 
Remote