CVE-2021 Checker iApp
Published Mar 11, 2021
Version 1.0Was this article helpful?
After upgrade 14.1.4, still getting
CVE-2021-22999 CVSS score: 5.9 (Medium)
Vulnerability info
K02333782: BIG-IP HTTP/2 vulnerability CVE-2021-22999
The BIG-IP system provides an option to connect HTTP/2 clients to HTTP/1.x servers. When a client is slow to accept responses and it closes a connection prematurely, the BIG-IP system may indefinitely retain some streams unclosed.
Vulnerable
The software version is vulnerable. You should update to TMOS v14.1.4 as soon as possible.
Impact
A remote attacker may cause the Traffic Management Microkernel (TMM) to leak memory and, over time, consume excessive system resources, leading to slow operation and eventual failover to a standby host.