Oct 30, 2023

K000137322: BIG-IP iRule or LTM policy may generate multiple HTTP redirect responses

Since I didn't almost miss the announcement of this vulnerability, I want to share it again here.

Do you already have mitigations in place? Request smuggling is not a completely new problem.

3 Replies

  • I'm working on this now. I wrote a Perl script to parse an excerpt from bigip.conf--all the entries beginning "ltm virtual "--and generate commands to modify all the virtual servers with an affected iRule. That's my naïve approach to it.

    What I'm not totally clear on is two-fold: How serious is this issue and how effective is this mitigation?

  • Any fixed release for this vulnerability? Or still relying on iRule? Thanks.