iRules performing HTTP header manipulation may cause a denial-of-service(DoS) when processing traffic handled by a virtual server with an associated HTTP profile, in specific circumstances, when the requests do not strictly conform to RFCs.(CVE-2019-6660)
Impact
The affected BIG-IP system’s Traffic Management Microkernel (TMM) process enters a loop when handling malformed HTTP requests, and this may result in an interruption in traffic processing. If the BIG-IP system is part of a high availability (HA) group, a device failover may occur.