
4 matches found

OSV
added 2025/01/09 1:15 a.m. | 9 views

CVE-2023-28362

The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header...

CVSS: 4 | AI score: 6.7 | EPSS: 0.00207
Exploits: 2 | References: 5
F5 Networks
added 2023/10/10 10:40 a.m. | 14 views

K21800102: HTTP RFC enforcement is bypassed when a redirect iRule is applied to the virtual server

Security Advisory Description: A specifically crafted HTTP request may bypass BIG-IP HTTP RFC enforcement and may lead the BIG-IP system to pass malformed HTTP requests to a target pool member web server. This issue occurs when all of the following conditions are met: A virtual server with an iRul...

AI score: 6.8
Exploits: 0 | Affected Software: 13
OSV
added 2021/03/31 6:15 p.m. | 3 views

CVE-2021-23000

On BIG-IP versions 13.1.3.4-13.1.3.6 and 12.1.5.2, if the tmm.http.rfc.enforcement BigDB key is enabled in a BIG-IP system, or the Bad host header value is checked in the AFM HTTP security profile associated with a virtual server, in rare instances, a specific sequence of malicious requests may...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.00647
Exploits: 0 | References: 1
Kaspersky
added 2016/01/26 12:00 a.m. | 92 views

KLA10748 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR

Multiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, spoof user interface and execute arbitrary code. Below is a complete list of vulnerabilities: 1. Multiple memory safety...

CVSS: 10 | AI score: 10 | EPSS: 0.03529
Exploits: 0 | References: 4