Lucene search
F5F5:K000132430HistoryMay 08, 2024 - 12:00 a.m.
K000132430 : The BIG-IP system may fail to block HTTP Request Smuggling attacks
2024-05-0800:00:00
my.f5.com
18
big-ip
http request smuggling
security controls
sensitive data
http profile
7.3 High
AI Score
Confidence
Low
Security Advisory Description
The BIG-IP system may fail to block non-RFC-compliant HTTP requests to the pool member, which may lead to an HTTP Request Smuggling attack.
This issue occurs when all of the following conditions are met:
- A virtual server is associated with an HTTP profile.
- The BIG-IP system receives a specially crafted HTTP/1.1 request.
Impact
Depending on the behavior of the pool member, HTTP Request Smuggling attacks may allow an attacker to bypass security controls and/or gain unauthorized access to sensitive data.
Symptoms
As a result of this issue, you may encounter the following symptom:
- The pool member receives malicious HTTP requests wrapped within an HTTP request (also known as an HTTP Request Smuggling attack).
| Vendor | Product | Version | CPE |
|---|---|---|---|
| f5 | big\-ip_next | 20.0.1 | cpe:2.3:a:f5:big\-ip_next:20.0.1:*:*:*:*:*:*:* |
| f5 | big\-ip_next | 20.0.2 | cpe:2.3:a:f5:big\-ip_next:20.0.2:*:*:*:*:*:*:* |
| f5 | big\-ip_next | 20.1.0 | cpe:2.3:a:f5:big\-ip_next:20.1.0:*:*:*:*:*:*:* |
| f5 | big\-ip_next | 20.1.1 | cpe:2.3:a:f5:big\-ip_next:20.1.1:*:*:*:*:*:*:* |
| f5 | big\-ip_next | 20.2.0 | cpe:2.3:a:f5:big\-ip_next:20.2.0:*:*:*:*:*:*:* |
| f5 | big\-ip_next | 1.1.0 | cpe:2.3:a:f5:big\-ip_next:1.1.0:*:*:*:*:*:*:* |
| f5 | big\-ip_next | 1.1.1 | cpe:2.3:a:f5:big\-ip_next:1.1.1:*:*:*:*:*:*:* |
| f5 | big\-ip_next | 1.2.0 | cpe:2.3:a:f5:big\-ip_next:1.2.0:*:*:*:*:*:*:* |
| f5 | big\-ip_next | 1.2.1 | cpe:2.3:a:f5:big\-ip_next:1.2.1:*:*:*:*:*:*:* |
| f5 | big\-ip_next | 1.3.0 | cpe:2.3:a:f5:big\-ip_next:1.3.0:*:*:*:*:*:*:* |
7.3 High
AI Score
Confidence
Low