On F5 BIG-IP versions 13.0.0 or 12.1.0 - 12.1.3.1, when a specifically configured virtual server receives traffic of an undisclosed nature, TMM will crash and take the configured failover action, potentially causing a denial of service. The configuration which exposes this issue is not common and in general does not work when enabled in previous versions of BIG-IP. Starting in 12.1.0, BIG-IP will crash if the configuration which exposes this issue is enabled and the virtual server receives non TCP traffic. With the fix of this issue, additional configuration validation logic has been added to prevent this configuration from being applied to a virtual server. There is only data plane exposure to this issue with a non-standard configuration. There is no control plane exposure.
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Big-ip_access_policy_manager | F5 | 12.1.0 (including) | 12.1.3.2 (excluding) |
Big-ip_access_policy_manager | F5 | 13.0.0 (including) | 13.1.0.4 (excluding) |
Big-ip_advanced_firewall_manager | F5 | 12.1.0 (including) | 12.1.3.2 (excluding) |
Big-ip_advanced_firewall_manager | F5 | 13.0.0 (including) | 13.1.0.4 (excluding) |
Big-ip_application_acceleration_manager | F5 | 12.1.0 (including) | 12.1.3.2 (excluding) |
Big-ip_application_acceleration_manager | F5 | 13.0.0 (including) | 13.1.0.4 (excluding) |
Big-ip_application_security_manager | F5 | 12.1.0 (including) | 12.3.1.2 (excluding) |
Big-ip_application_security_manager | F5 | 13.0.0 (including) | 13.1.0.4 (excluding) |
Big-ip_link_controller | F5 | 12.1.0 (including) | 12.1.3.2 (excluding) |
Big-ip_link_controller | F5 | 13.0.0 (including) | 13.1.0.4 (excluding) |
Big-ip_local_traffic_manager | F5 | 12.1.0 (including) | 12.1.3.2 (excluding) |
Big-ip_local_traffic_manager | F5 | 13.0.0 (including) | 13.1.0.4 (excluding) |
Big-ip_policy_enforcement_manager | F5 | 12.1.0 (including) | 12.1.3.2 (excluding) |
Big-ip_policy_enforcement_manager | F5 | 13.0.0 (including) | 13.1.0.4 (excluding) |
Big-ip_websafe | F5 | 1.0.0 (including) | 1.0.0 (including) |
Input validation is a frequently-used technique for checking potentially dangerous inputs in order to ensure that the inputs are safe for processing within the code, or when communicating with other components. Input can consist of:
Data can be simple or structured. Structured data can be composed of many nested layers, composed of combinations of metadata and raw data, with other simple or structured data. Many properties of raw data or metadata may need to be validated upon entry into the code, such as:
Implied or derived properties of data must often be calculated or inferred by the code itself. Errors in deriving properties may be considered a contributing factor to improper input validation.