PT-2019-18213 · F5 · F5 Big-Ip

Published: 2019-07-03 · Updated: 2023-02-16 · CVE-2019-6631

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

F5 BIG-IP versions 11.5.1 through 11.6.4

Description

The issue occurs when iRules perform HTTP header manipulation, potentially causing an interruption to service. This happens under specific circumstances when traffic is handled by a Virtual Server with an associated HTTP profile and the requests do not strictly conform to RFCs.

Recommendations

For F5 BIG-IP versions 11.5.1 through 11.6.4, consider disabling iRules that perform HTTP header manipulation until a patch is available. Restrict access to Virtual Servers with associated HTTP profiles to minimize the risk of exploitation. Avoid using HTTP header manipulation in iRules for these versions until the issue is resolved.

Fix

Related Identifiers

CVE-2019-6631

Affected Products

F5 Big-Ip