Apache http Server Range Header Denial Of Service Vulnerability and BIND 9 dns_db_findrdataset Function Denial of F5 devices

Issue: Apache http Server Range Header Denial Of Service Vulnerability and BIND 9 dns_db_findrdataset Function Denial of

 

Service Vulnerability on couple of F5 devices running with code 9.4.6 401.0 and they are BIG-IP 3600.

 

F5 suggested the following ariticles.

 

For Apache Range header Vulnerability F5 suggested to mitigate this by unset the Range and Request Range headers on the

 

incoming packets. Can some on let me know does this will be impact on the production traffic by removing the Range and

 

Request Range headers from all requests.

 

For BIND vulnerability F5 suggested to mitigate this issue by implementing the packet filter workaround to filter and

 

reject dynamic update packets by inspecting the opcode (operation code) of a DNS packet for updates. By rejecting the

 

dynamic update packets will there be an impact on the production traffc

 

sol13114: Apache Range header vulnerability - CVE-2011-3192

 

http://support.f5.com/kb/en-us/solutions/public/13000/100/sol13114.html?sr=33176445

 

sol10366: BIND vulnerability - CVE-2009-0696

 

http://support.f5.com/kb/en-us/solutions/public/10000/300/sol10366.html?sr=33176425