Under certain configurations, the BIG-IP system sends data plane traffic to back-end servers unencrypted, even when a Server SSL profile is applied. (CVE-2020-5879)
Impact
The affected system sends some requests to the back-end server without encryption, possibly leaking sensitive data. The requests affected by this vulnerability are processed by a virtual server associated with a DoS profile that has a CAPTCHA challenge configured.