K000137322: BIG-IP iRule or LTM policy may generate multiple HTTP redirect responses

Question

Since I didn't almost miss the announcement of this vulnerability, I want to share it again here.
Have you already mitigations in place? Request smuggling is not a completely new problem.
https://my.f5.com/manage/s/article/K000137322

john_adams · Answer

I'm working on this now. I wrote a Perl script to parse an excerpt from bigip.conf--all the entries beginning "ltm virtual "--and generate commands to modify all the virtual servers with an affected iRule. That's my naïve approach to it.

What I'm not totally clear on is two-fold: How serious is this issue and how effective is this mitigation?

nandhi · Answer

Any fixed release for this&nbsp;vulnerability? or still relying on irule. thanks.

juergen_mang · Answer

https://my.f5.com/manage/s/article/K000137322

Forum Discussion

K000137322: BIG-IP iRule or LTM policy may generate multiple HTTP redirect responses

Recent Discussions

ports are showing open on online scanning tool

Upgrade F5 BIGIP

DNS HM Probe issue

Is XFF a must for ASM WAF DoS

Switch ssl profile based on weak cipher detection via IRULE

Related Content

Introduction of Incident Response

Secure, Deliver and Optimize Your Modern Generative AI Apps with F5

SSL Orchestrator Advanced Use Cases: Detecting Generative AI

Generate API SDK for F5 Distributed Cloud

custom response page for api

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS