First published: Wed Jul 03 2019
On BIG-IP 11.5.1-11.6.4, iRules performing HTTP header manipulation may cause an interruption to service when processing traffic handled by a Virtual Server with an associated HTTP profile, in specific circumstances, when the requests do not strictly conform to RFCs.
Credit: f5sirt@f5.com
Affected Software | Affected Version | How to fix |
---|---|---|
F5 BIG-IP Local Traffic Manager | >=11.5.2<=11.6.4 | |
F5 BIG-IP Application Acceleration Manager | >=11.5.2<=11.6.4 | |
F5 BIG-IP Advanced Firewall Manager | >=11.5.2<=11.6.4 | |
F5 BIG-IP Analytics | >=11.5.2<=11.6.4 | |
F5 BIG-IP Access Policy Manager | >=11.5.2<=11.6.4 | |
F5 BIG-IP Application Security Manager | >=11.5.2<=11.6.4 | |
F5 BIG-IP Domain Name System | >=11.5.2<=11.6.4 | |
F5 BIG-IP Edge Gateway | >=11.5.2<=11.6.4 | |
F5 BIG-IP Global Traffic Manager | >=11.5.2<=11.6.4 | |
F5 BIG-IP Link Controller | >=11.5.2<=11.6.4 | |
F5 BIG-IP Policy Enforcement Manager | >=11.5.2<=11.6.4 | |
F5 BIG-IP Webaccelerator | >=11.5.2<=11.6.4 | |
F5 BIG-IP Websafe | >=11.5.2<=11.6.4 | |
CVE-2019-6631 is a vulnerability on BIG-IP 11.5.1-11.6.4 where iRules performing HTTP header manipulation may cause an interruption to service when processing traffic handled by a Virtual Server with an associated HTTP profile.
CVE-2019-6631 affects various F5 BIG-IP products, including Local Traffic Manager, Application Acceleration Manager, Advanced Firewall Manager, Analytics, Access Policy Manager, Application Security Manager, Domain Name System, Edge Gateway, Global Traffic Manager, Link Controller, Policy Enforcement Manager, Webaccelerator, and Websafe.
CVE-2019-6631 has a severity level of high, with a CVSS score of 7.5.
To fix CVE-2019-6631, upgrade your F5 BIG-IP software to a version between 11.5.2 and 11.6.4.
You can find more information about CVE-2019-6631 on the SecurityFocus website and the F5 support article.