F5 Networks BIG-IP : TMM vulnerability (K45611803)
Medium Nessus Plugin ID 118667
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionF5 BIG-IP 13.0.0-188.8.131.52, 12.1.0-184.108.40.206, or 11.6.0-220.127.116.11 virtual servers with HTTP/2 profiles enabled are vulnerable to 'HPACK Bomb'.
HPACK bombs are designed to consume an abnormal amount of memory resources on a target system, which can result in a denial of service (DoS). This issue is exposed only on the BIG-IP system's data plane;
there is no control plane exposure for this issue.
SolutionUpgrade to one of the non-vulnerable versions listed in the F5 Solution K45611803.