Security Advisory Description
When an HTTP profile with the non-default Enforcement options Enforce RFC Compliance andUnknown Methods: Reject are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. (CVE-2023-22422)
Impact
Traffic is disrupted while the TMM process restarts. This vulnerability allows a remote, unauthenticated attacker to cause a denial-of-service (DoS) on the BIG-IP system. There is no control plane exposure; this is a data plane issue only.