A vulnerability exists in the legacy version of the mod_jk2 Apache module. If successfully exploited, an attacker may be able to run arbitrary code on affected system.
Information about this advisory is available at the following location:
F5 Product Development tracked this issue as CR83564 and it was fixed in BIG-IP 9.1.3, 9.3 HF1, and 9.4.1 HF1. For information about upgrading, refer to the LTM, GTM, ASM, Link Controller, or WebAccelerator Release Notes.
F5 Product Development tracked this issue as CR83564 and it was fixed in Enterprise Manager 1.4.1. For information about upgrading, refer to the Enterprise Manager Release Notes.
Note: For more information about installing the hotfixes listed above, refer to the readme file on the F5 Downloads site for your version-specific hotfix.
For information about downloading software, refer to SOL167: Downloading software from F5.
F5 would like to acknowledge IOActive for their efforts in identifying this issue.