F5 Networks BIG-IP : TMM vulnerability (K45611803)
Medium Nessus Plugin ID 118667
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionF5 BIG-IP 13.0.0-22.214.171.124, 12.1.0-126.96.36.199, or 11.6.0-188.8.131.52 virtual servers with HTTP/2 profiles enabled are vulnerable to 'HPACK Bomb'.
HPACK bombs are designed to consume an abnormal amount of memory resources on a target system, which can result in a denial of service (DoS). This issue is exposed only on the BIG-IP system's data plane;
there is no control plane exposure for this issue.
SolutionUpgrade to one of the non-vulnerable versions listed in the F5 Solution K45611803.