Historic F5 Account

A critical vulnerability in the Windows HTTP stack ("HTTP.sys"), which was resolved in a recent Microsoft Patch Tuesday release, could allow remote attackers to execute code on an IIS server with the privileges of the System account. Proof-of-concept code to check for the existence of this vulnerability soon followed. Remote attackers could exploit the way "HTTP.sys" parses requests with a Range header that includes a very large byte range to crash the server or potentially run their shellcode.



POC Information



Bug details according to the POC


More details on the available patch can be found in Microsoft’s security bulletin MS15-034:


The following user-defined signatures detect and mitigate attempts to exploit this vulnerability when using ASM.

ASM versions 11.2.x and above:

headercontent: "range"; nocase; re2:"/bytes\s*=.*?[0-9]{10,}\b/Hi";


ASM versions 11.1.x and below:

headercontent: "range"; nocase; pcre:"/bytes\s*=.*?[0-9]{10,}\b/Hi";
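
To check what this pattern flags before deploying it, the following added example (not part of the original article and not F5 code) re-implements the signature's two conditions in Python and runs them over constructed header blocks. It assumes the `H` modifier scopes the regex to the request headers; `signature_matches`, `request` and all sample values are hypothetical. Any run of 10 or more digits matches, so legitimate range requests into files larger than roughly 1 GB are flagged as well.

```python
import re

# Regex body of the signature; the trailing "i" flag maps to re.IGNORECASE.
# Assumption: the "H" flag scopes matching to the request headers, so the
# pattern is evaluated against the raw header block.
SIG_RE = re.compile(r"bytes\s*=.*?[0-9]{10,}\b", re.IGNORECASE)


def signature_matches(header_block: str) -> bool:
    """Emulate headercontent:"range"; nocase; followed by the regex test."""
    if "range" not in header_block.lower():  # headercontent:"range"; nocase;
        return False
    return SIG_RE.search(header_block) is not None


def request(header_line: str) -> str:
    """Wrap one header line in a constructed header block."""
    return f"Host: www.example.com\r\n{header_line}\r\nAccept: */*\r\n"


# Constructed sample headers (not captured traffic).
SAMPLES = {
    "ordinary partial download": "Range: bytes=0-1023",
    "very large byte range": "Range: bytes=0-99999999999999999999",
    "mixed case and spacing": "range: BYTES = 5-12345678901",
    "legitimate offset above 1 GB": "Range: bytes=1073741824-2147483647",
    "non-byte unit": "Range: items=12345678901",
    "no Range header": "X-Trace: bytes=12345678901",
}


def evaluate() -> dict:
    """Return {sample name: True if the signature would fire}."""
    return {name: signature_matches(request(line))
            for name, line in SAMPLES.items()}


if __name__ == "__main__":
    for name, hit in evaluate().items():
        print(f"{'MATCH' if hit else 'pass ':5}  {name}")
```
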

Hi Maxim, as a beginner, can you explain to me how to implement this solution in the ASM (BIGIP 10.2.4)?
Historic F5 Account
F5 Employee
Additional mitigations have been published: Using iRules - Using LineRate -
Last update: 15-Apr-2015 11:42