PT-2020-18784 · F5 · F5 Big-Ip
Published
2020-04-30
·
Updated
2021-07-21
·
CVE-2020-5883
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
F5 BIG-IP versions 13.1.0 through 13.1.3.1
F5 BIG-IP versions 14.0.0 through 14.0.1
F5 BIG-IP versions 14.1.0 through 14.1.2.3
F5 BIG-IP versions 15.0.0 through 15.0.1
Description
The issue occurs when a virtual server is configured with HTTP explicit proxy and has an attached HTTP PROXY REQUEST iRule. In this scenario, POST requests sent to the virtual server cause an xdata memory leak.
Recommendations
For versions 13.1.0 through 13.1.3.1, consider disabling the HTTP PROXY REQUEST iRule to prevent the memory leak.
For versions 14.0.0 through 14.0.1, consider disabling the HTTP PROXY REQUEST iRule to prevent the memory leak.
For versions 14.1.0 through 14.1.2.3, consider disabling the HTTP PROXY REQUEST iRule to prevent the memory leak.
For versions 15.0.0 through 15.0.1, consider disabling the HTTP PROXY REQUEST iRule to prevent the memory leak.
Fix
Memory Leak
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
F5 Big-Ip