In F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic patterns may cause a disruption of service for virtual servers configured to use the websocket profile. (CVE-2016-9253)
Note: Virtual servers configured to use the HTTP profile (and no websocket profile) that process websocket traffic are not vulnerable to this issue. This issue only affects the BIG-IP data plane; there is no control plane exposure to this vulnerability.
Impact
An attacker may be able to disrupt service on the BIG-IP system by sending crafted websocket traffic to the virtual server.