CVE-2021-22999 - F5 Big-ip Access Policy Manager, F5 Ssl Orchestrator and F5 Big-ip Global Traffic Manager
On versions 15.0.x before 15.1.0 and 14.1.x before 14.1.4, the BIG-IP system provides an option to connect HTTP/2 clients to HTTP/1.x servers. When a client is slow to accept responses and it closes a connection prematurely, the BIG-IP system may indefinitely retain some streams unclosed. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
Affected software
F5 Big-ip Access Policy Manager
F5 Ssl Orchestrator
F5 Big-ip Global Traffic Manager
F5 Big-ip Domain Name System
F5 Big-ip Application Acceleration Manager
F5 Big-ip Fraud Protection Service
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Analytics
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Link Controller
F5 Big-ip Application Security Manager
F5 Big-ip Local Traffic Manager