Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

Are you an expert?    Interested in presenting at F5 AppWorld 2024?    Submit a proposal by Nov 29th!

K000137322: BIG-IP iRule or LTM policy may generate multiple HTTP redirect responses

Juergen_Mang
MVP
MVP

‎30-Oct-2023 02:17

Since I didn't almost miss the announcement of this vulnerability, I want to share it again here.

Have you already mitigations in place? Request smuggling is not a completely new problem.

https://my.f5.com/manage/s/article/K000137322

Labels:
0 Kudos
1 REPLY 1

John_Adams
Nimbostratus
Nimbostratus

‎02-Nov-2023 07:51

I'm working on this now. I wrote a Perl script to parse an excerpt from bigip.conf--all the entries beginning "ltm virtual "--and generate commands to modify all the virtual servers with an affected iRule. That's my naïve approach to it.

What I'm not totally clear on is two-fold: How serious is this issue and how effective is this mitigation?

0 Kudos
Copyright © 2023 Khoros, LLC