API Security Blog

K000132430 : The BIG-IP system may fail to block HTTP Request Smuggling attacks

Security Advisory Description

The BIG-IP system may fail to block non-RFC-compliant HTTP requests to the pool member, which may lead to an HTTP Request Smuggling attack. This issue occurs when all of the following conditions are met:

- A virtual server is associated with an HTTP profile.
- The BIG-IP system receives a specially crafted HTTP/1.1 request.

Impact

Depending on the behavior of the pool member, HTTP Request Smuggling attacks may allow an attacker to bypass security controls and/or gain unauthorized access to sensitive data.

Symptoms

As a result of this issue, you may encounter the following symptom:

- The pool member receives malicious HTTP requests wrapped within an HTTP request (also known as an HTTP Request Smuggling…
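Because the impact depends on the behavior of the pool member, the pool member can refuse requests whose message framing is not RFC-compliant. The following is an added example, not F5 code and not part of the advisory: a strict check of a raw HTTP/1.1 request head against framing rules from RFC 9112. The advisory does not say which rule the crafted request breaks, so the rule set, the function name and the sample requests are assumptions constructed for illustration.

```python
import re

# Framing rules taken from RFC 9112 (HTTP/1.1). Which rule the advisory's
# crafted request breaks is not stated on the page; this set is an assumption.
TOKEN = re.compile(rb"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")

def framing_violations(raw: bytes) -> list[str]:
    """Return the framing problems found in a raw request head."""
    head, sep, _ = raw.partition(b"\r\n\r\n")
    problems = []
    if not sep:
        problems.append("header section not terminated by CRLF CRLF")
    if b"\n" in head.replace(b"\r\n", b""):
        problems.append("bare LF used as line terminator")
    lines = head.split(b"\r\n")[1:]  # skip the request line
    lengths, encodings = [], []
    for line in lines:
        if line[:1] in (b" ", b"\t"):
            problems.append("obsolete line folding")
            continue
        name, colon, value = line.partition(b":")
        if not colon or not TOKEN.match(name):  # e.g. space before the colon
            problems.append("invalid field name: %r" % name)
            continue
        name, value = name.lower(), value.strip(b" \t")
        if name == b"content-length":
            lengths += [v.strip(b" \t") for v in value.split(b",")]
        elif name == b"transfer-encoding":
            encodings += [v.strip(b" \t").lower() for v in value.split(b",")]
    if any(not re.fullmatch(rb"[0-9]+", v) for v in lengths):
        problems.append("Content-Length is not a decimal integer")
    elif len(set(int(v) for v in lengths)) > 1:
        problems.append("conflicting Content-Length values")
    if encodings and lengths:
        problems.append("both Transfer-Encoding and Content-Length present")
    if encodings and encodings[-1] != b"chunked":
        problems.append("Transfer-Encoding does not end with chunked")
    return problems

# Constructed sample requests (not captured traffic).
SAMPLES = {
    "clean": b"POST /a HTTP/1.1\r\nHost: app.example\r\nContent-Length: 5\r\n\r\nhello",
    "cl+te": b"POST /a HTTP/1.1\r\nHost: app.example\r\nContent-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n",
    "space": b"POST /a HTTP/1.1\r\nHost: app.example\r\nTransfer-Encoding : chunked\r\n\r\n",
}

if __name__ == "__main__":
    for label, request in SAMPLES.items():
        print(label, framing_violations(request))
```

A non-empty result is a reason for the pool member to answer 400 and close the connection, and to log the request head for review.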
