PT-2021-15353 · F5 · F5 BIG-IP ASM (Advanced WAF)

Published: 2021-09-14 · Updated: 2021-09-24 · CVE-2021-23028

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

F5 BIG-IP ASM versions 13.1.x through 13.1.4
F5 BIG-IP ASM versions 14.1.x through 14.1.4.2
F5 BIG-IP ASM versions 15.1.x through 15.1.3.1
F5 BIG-IP ASM versions 16.0.x through 16.0.1.2
Description

When JSON content profiles are configured for URLs as part of an F5 Advanced Web Application Firewall (WAF)/BIG-IP ASM security policy and that policy is applied to a virtual server, undisclosed requests may cause the BIG-IP ASM bd process to terminate. bd is the ASM enforcement process, so its termination disrupts traffic handled by the affected policy. The CVSS vector (AV:N/PR:N, C:N/I:N/A:H) classifies this as an unauthenticated, network-reachable denial of service with no confidentiality or integrity impact; the precondition is that at least one URL in the policy uses a JSON content profile.
Recommendations

For versions 13.1.x through 13.1.4, update to a version after 13.1.4.
For versions 14.1.x through 14.1.4.2, update to a version after 14.1.4.2.
For versions 15.1.x through 15.1.3.1, update to a version after 15.1.3.1.
For versions 16.0.x through 16.0.1.2, update to a version after 16.0.1.2.

If you cannot upgrade immediately, as a temporary workaround consider restricting the use of JSON content profiles for URLs in the F5 Advanced WAF/BIG-IP ASM security policy until the upgrade is applied.
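The version ranges and the workaround above, turned into a small triage script. This is an example added to this entry, not F5's or the database's code. The affected ranges are copied from this entry; the iControl REST URL-object field names used by the audit helper (`urlContentProfiles`, `type`) are an assumption about F5's REST API, and the sample policy data is constructed, not captured from a device.

```python
"""Triage helpers for CVE-2021-23028: is a BIG-IP ASM / Advanced WAF build in an
affected range, and does a policy actually attach JSON content profiles to URLs
(the precondition named in the advisory)?  Added example; the version ranges are
copied from this entry, the REST field names are an assumption about iControl REST,
and the sample data is constructed."""
import re

# (major.minor branch, first affected build, last affected build) as listed in this entry.
AFFECTED_RANGES = [
    ((13, 1), (13, 1, 0), (13, 1, 4)),
    ((14, 1), (14, 1, 0), (14, 1, 4, 2)),
    ((15, 1), (15, 1, 0), (15, 1, 3, 1)),
    ((16, 0), (16, 0, 0), (16, 0, 1, 2)),
]


def parse_version(text):
    """Extract the dotted TMOS version from strings such as '15.1.3.1' or the
    'Version 15.1.3.1' line printed by `tmsh show sys version`."""
    m = re.search(r"\d+(?:\.\d+)+", text)
    if not m:
        raise ValueError(f"no dotted version in {text!r}")
    return tuple(int(p) for p in m.group(0).split("."))


def _pad(v, width=4):
    """Right-pad with zeros so that 13.1.4 and 13.1.4.0 compare equal."""
    return tuple(v) + (0,) * (width - len(v))


def triage(version_text):
    """Return 'affected', 'fixed' (same branch, later than the last affected build)
    or 'not listed' (a branch this entry says nothing about; consult the vendor)."""
    v = _pad(parse_version(version_text))
    for branch, lo, hi in AFFECTED_RANGES:
        if v[:2] == branch:
            return "affected" if _pad(lo) <= v <= _pad(hi) else "fixed"
    return "not listed"


# Constructed sample mimicking the shape of an iControl REST ASM policy URL collection
# (/mgmt/tm/asm/policies/<id>/urls). Field names are an assumption, not confirmed here.
SAMPLE_POLICY_URLS = [
    {"name": "/api/orders", "protocol": "https",
     "urlContentProfiles": [{"headerName": "Content-Type", "headerValue": "*json*",
                             "type": "json"}]},
    {"name": "*", "protocol": "https",
     "urlContentProfiles": [{"headerName": "*", "headerValue": "*",
                             "type": "apply-value-and-content-signatures"}]},
    {"name": "/legacy/soap", "protocol": "http",
     "urlContentProfiles": [{"headerName": "Content-Type", "headerValue": "*xml*",
                             "type": "xml"}]},
]


def urls_with_json_profiles(urls):
    """URLs whose header-based content routing hands request bodies to a JSON
    content profile; these are the URLs the workaround says to restrict."""
    return [u["name"] for u in urls
            if any(p.get("type") == "json" for p in u.get("urlContentProfiles", []))]


if __name__ == "__main__":
    for sample in ("13.1.4", "14.1.4.3", "Version 15.1.3.1", "16.1.0"):
        print(f"{sample:>18}: {triage(sample)}")
    print("URLs with JSON content profiles:", urls_with_json_profiles(SAMPLE_POLICY_URLS))
```

`triage()` deliberately reports "not listed" rather than "safe" for branches this entry does not mention (for example 16.1.x or 12.1.x), since the absence of a range here is not evidence that the branch is unaffected. The audit helper only flags the `json` content-profile type; `xml` and signature-only profiles are not the precondition described above.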

Fix

DoS

Related Identifiers

CVE-2021-23028

Affected Products

F5 BIG-IP ASM (Advanced WAF)