It's a good thing we are naming all of our vulnerabilities now; it's easier to keep track of them. I haven't seen an official designation for CVE-2014-6271, but Shellshock seems appropriate. This ...
In reference to "At this point, we do not believe the traffic passing interfaces of a BIG-IP can be exploited. The attack will be passed to back end severs. We do not believe that the attack could exploit a BIG-IP directly through the traffic interfaces."
What is the situation with an iRule which performs a http redirect, or some other http response to a user request. Would this not also be vulnerable in the same way that a normal web server is?