When a BIG-IP Advanced WAF or BIG-IP ASM Security Policy is configured with a JSON content profile that has a malformed JSON schema, and the security policy is applied to a virtual server, undisclosed requests can cause the bd process to terminate.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Weakness
The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Big-ip_advanced_web_application_firewall | F5 | 15.1.0 (including) | 15.1.10.8 (excluding) |
| Big-ip_advanced_web_application_firewall | F5 | 16.1.0 (including) | 16.1.6.1 (excluding) |
| Big-ip_advanced_web_application_firewall | F5 | 17.1.0 (including) | 17.1.3 (excluding) |
| Big-ip_advanced_web_application_firewall | F5 | 17.5.0 (including) | 17.5.1.3 (excluding) |
| Big-ip_application_security_manager | F5 | 15.1.0 (including) | 15.1.10.8 (excluding) |
| Big-ip_application_security_manager | F5 | 16.1.0 (including) | 16.1.6.1 (excluding) |
| Big-ip_application_security_manager | F5 | 17.1.0 (including) | 17.1.3 (excluding) |
| Big-ip_application_security_manager | F5 | 17.5.0 (including) | 17.5.1.3 (excluding) |