F5 BIG-IP Advanced WAF and ASM Data Guard Protection Enforcement URL Vulnerability Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in F5 BIG-IP Advanced WAF and ASM. When the Data Guard Protection Enforcement setting is configured with a URL longer than 1024 characters, the bd process can repeatedly terminate. This issue can be triggered manually or through the automatic Policy Builder. The vulnerability affects BIG-IP versions 17.5.0 and 17.1.0 through 17.1.2.

Impact

Exploitation of this vulnerability disrupts traffic as the bd process restarts, causing a denial-of-service condition on the affected BIG-IP Advanced WAF or ASM system.

Remediation

To address this vulnerability, users can replace the long URL in the Data Guard Protection Enforcement setting with a wildcard URL. After removing the long URL, enter a wildcard URL, save the changes, and apply the policy. For more information about the Data Guard feature, refer to the BIG-IP Application Security Manager: Implementations manual.
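The condition described above can be audited before it causes a bd restart. The following is an added example, not F5 code or part of the original advisory: it checks a device version against the affected releases and scans exported policies for Data Guard enforcement URLs longer than 1024 characters. The JSON key names (`policy`, `data-guard`, `enforcementUrls`, `url`) are assumptions about the export layout, and the sample policies are constructed.

```python
LIMIT = 1024  # URL length threshold stated in the advisory
# Affected releases as listed in the advisory: 17.5.0 and 17.1.0 through 17.1.2
AFFECTED = [((17, 5, 0), (17, 5, 0)), ((17, 1, 0), (17, 1, 2))]

def version_affected(version):
    """True if a dotted version string falls in a range the advisory lists.
    Only the first three components are compared (assumption)."""
    parts = tuple(int(p) for p in version.split(".")[:3])
    parts += (0,) * (3 - len(parts))
    return any(lo <= parts <= hi for lo, hi in AFFECTED)

def long_enforcement_urls(policy_doc):
    """Return (policy name, URL length, URL prefix) for each Data Guard
    enforcement URL longer than LIMIT characters."""
    policy = policy_doc.get("policy", {})
    guard = policy.get("data-guard") or {}  # section may be absent
    findings = []
    for entry in guard.get("enforcementUrls", []):
        # Entries may be plain strings or objects with a "url" field (assumed).
        url = entry if isinstance(entry, str) else entry.get("url", "")
        if len(url) > LIMIT:
            findings.append((policy.get("name", "<unnamed>"), len(url), url[:40]))
    return findings

def audit(version, policy_docs):
    """Combine the version check with the per-policy URL length check."""
    findings = [f for doc in policy_docs for f in long_enforcement_urls(doc)]
    affected = version_affected(version)
    return {"affected_version": affected,
            "findings": findings,
            "at_risk": affected and bool(findings)}

# Constructed sample policies (not taken from a real device).
SAMPLE_POLICIES = [
    {"policy": {"name": "shop", "data-guard": {
        "enabled": True,
        "enforcementUrls": ["/api/" + "a" * 1030, "/login*"]}}},
    {"policy": {"name": "blog", "data-guard": {
        "enabled": True, "enforcementUrls": [{"url": "/posts/*"}]}}},
    {"policy": {"name": "static"}},  # no Data Guard section at all
]

if __name__ == "__main__":
    report = audit("17.1.2", SAMPLE_POLICIES)
    print("affected version:", report["affected_version"])
    for name, length, prefix in report["findings"]:
        print(f"policy {name}: enforcement URL of {length} chars ({prefix}...)")
```

Any policy it reports is a candidate for the wildcard replacement described in the remediation.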

Added: Oct 15, 2025, 2:21 PM
Updated: Oct 15, 2025, 2:21 PM

Vulnerability Rating

Custom Algorithm
spread: 5.2
impact: 2.5
exploitability: 7.6
remediation: 7.9
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.