F5 BIG-IP HTTP/2 Memory Resource Utilization Vulnerability Leading to Denial-of-Service
Vulnerability
A vulnerability exists in F5 BIG-IP systems when a virtual server is configured with an HTTP/2 httprouter profile. Undisclosed responses can cause increased memory resource utilization, leading to degraded system performance. This degradation can force a restart of the Traffic Management Microkernel (TMM) process, causing a denial-of-service (DoS) condition on the BIG-IP system. This issue is a data plane problem only, with no control plane exposure.
Impact
Exploitation of this vulnerability causes a degradation of service that can lead to a denial-of-service condition on the BIG-IP system.
Remediation
Users can remove the HTTP/2 profile and httprouter definitions from the virtual server to mitigate this vulnerability. For BIG-IP Next systems, consult the BIG-IP Next Central Manager documentation for guidance on managing HTTP/2 profiles. Additionally, systems with high availability (HA) can be configured to lessen the impact of this vulnerability.
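An added audit check for the remediation above (example code written for this entry, not F5's own tooling): it parses a constructed listing in the shape of `tmsh list ltm virtual` output, an assumed layout, and reports virtual servers that have both an HTTP/2 profile and an httprouter profile attached, so an operator can find where the configuration this advisory describes is present before removing the profiles.

```python
import re

# Constructed sample in the shape of `tmsh list ltm virtual` output (an assumed
# layout, not captured from a real system): one virtual server carries both an
# HTTP/2 and an httprouter profile, the other carries HTTP/2 only.
SAMPLE_TMSH_OUTPUT = """\
ltm virtual vs_api_h2 {
    destination 192.0.2.10:443
    profiles {
        /Common/http2 { }
        /Common/httprouter { }
        /Common/tcp { }
    }
}
ltm virtual vs_web_h2 {
    destination 192.0.2.11:443
    profiles {
        /Common/http2 { }
        /Common/tcp { }
    }
}
"""

# One virtual server block: name, then everything up to the first "}" in column 0.
VS_RE = re.compile(r"^ltm virtual (\S+) \{\n(.*?)^\}", re.M | re.S)
# The profiles sub-block inside a virtual server body.
PROFILES_RE = re.compile(r"^[ \t]+profiles \{\n(.*?)^[ \t]+\}", re.M | re.S)

def profile_names(vs_body):
    """Profile names attached to one virtual server, partition prefix stripped."""
    m = PROFILES_RE.search(vs_body)
    if not m:
        return set()
    return {ln.split()[0].rsplit("/", 1)[-1] for ln in m.group(1).splitlines() if ln.strip()}

def find_exposed_virtuals(tmsh_output, http2_profiles=("http2",), httprouter_profiles=("httprouter",)):
    """Names of virtual servers that carry both an HTTP/2 and an httprouter profile.
    The listing shows profile names, not types, so custom profile names must be
    passed in; the defaults cover only the built-in profiles."""
    exposed = []
    for name, body in VS_RE.findall(tmsh_output):
        names = profile_names(body)
        if names & set(http2_profiles) and names & set(httprouter_profiles):
            exposed.append(name)
    return sorted(exposed)

if __name__ == "__main__":
    for vs in find_exposed_virtuals(SAMPLE_TMSH_OUTPUT):
        print(f"{vs}: HTTP/2 and httprouter profiles attached; review per the advisory")
```

Custom profiles (for example a renamed HTTP/2 profile) are only matched when their names are passed in, because the listing does not reveal a profile's type.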
