CVE-2014-6271 Shellshocked

It's a good thing we are naming all of our vulnerabilities now; it's easier to keep track of them. I haven't seen an official designation for CVE-2014-6271, but Shellshock seems appropriate. This ...
Published Sep 25, 2014
Version 1.0
security
shellshock
TMOS
Rich101's avatar
Rich101
Icon for Nimbostratus rankNimbostratus
Sep 29, 2014
In reference to "At this point, we do not believe the traffic passing interfaces of a BIG-IP can be exploited. The attack will be passed to back end severs. We do not believe that the attack could exploit a BIG-IP directly through the traffic interfaces." What is the situation with an iRule which performs a http redirect, or some other http response to a user request. Would this not also be vulnerable in the same way that a normal web server is?