Vulnerability Recommended Actions
If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.
Only virtual servers with configurations using the HTTP Explicit Proxy functionality and/or SOCKS profile are vulnerable. The HTTP Explicit Proxy functionality is enabled when an HTTP profile associated with a virtual server has the Proxy Mode setting configured with the **Explicit** value. In the following HTTP profile configuration snippet example, an HTTP profile is configured with the Explicit Proxy functionality:
ltm profile http /Common/My_HTTP_explicit_profile {
   app-service none
   defaults-from /Common/http-explicit
   explicit-proxy {
       default-connect-handling allow
       dns-resolver /Common/My_DNS_resolver
   }
   proxy-type explicit
}
The following profile configuration snippet example shows a typical SOCKS profile:
ltm profile socks My_SOCKS_profile {
   app-service none
   defaults-from socks
   dns-resolver My_DNS_resolver
}
To determine if your BIG-IP system has a virtual server configuration using the HTTP Explicit Proxy functionality and/or SOCKS profile, perform the following procedures:
Determining the HTTP profiles configured with the Explicit Proxy functionality
Impact of action: Performing the following procedure should not have a negative impact on your system.
tmsh
list ltm profile http proxy-type | grep -B 1 explicit
Determining the SOCKS profiles configured on the system
Impact of action: Performing the following procedure should not have a negative impact on your system.
tmsh
list ltm profile socks
Determining the virtual servers that are enabled with the HTTP Explicit Proxy functionality and/or SOCKS profile
Impact of action: Performing the following procedure should not have a negative impact on your system.
tmsh
list ltm virtual all profiles | grep -B 2 <profile name>
For example, you would type the following command to determine which virtual server is using the My_HTTP_explicit_profile profile:
list ltm virtual all profiles | grep -B 2 My_HTTP_explicit_profile
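The three checks above can be correlated in one pass over saved command output. The following is an added example, not part of the original advisory or F5's own tooling: the function names, the sample virtual server names (vs_web, vs_proxy, vs_socks) and the sample output are constructed, and the output layout is assumed to match the snippets shown above. Unlike grep -B 2, which only shows the two lines before the match, it reports the virtual server name even when the profile is not the first entry in the profiles list.

```shell
#!/bin/sh
# Added example: offline triage of saved tmsh output. Sample data is constructed.

# Names of HTTP profiles whose proxy-type is explicit
# (stdin: output of `list ltm profile http proxy-type`).
explicit_http_profiles() {
    awk '$1 == "ltm" && $3 == "http" { name = $4 }
         $1 == "proxy-type" && $2 == "explicit" { print name }'
}

# Names of all SOCKS profiles (stdin: output of `list ltm profile socks`).
socks_profiles() {
    awk '$1 == "ltm" && $2 == "profile" && $3 == "socks" { print $4 }'
}

# Print "<virtual> <profile>" for each virtual server that references a profile
# named in $1 (stdin: output of `list ltm virtual all profiles`).
# Assumption: folder prefixes such as /Common/ are stripped before comparing,
# so same-named profiles in different partitions are reported together.
virtuals_using() {
    WANT="$1" awk '
        BEGIN { n = split(ENVIRON["WANT"], a, /[ \t\n]+/)
                for (i = 1; i <= n; i++) {
                    sub(/^.*\//, "", a[i]); if (a[i] != "") want[a[i]] = 1 } }
        $1 == "ltm" && $2 == "virtual" { vs = $3; next }
        { p = $1; sub(/^.*\//, "", p) }
        (p in want) && $2 == "{" { print vs, p }'
}

# Constructed sample output, shaped like the configuration snippets above.
sample_http() { printf '%s\n' 'ltm profile http My_HTTP_explicit_profile {' \
    '    proxy-type explicit' '}' 'ltm profile http http {' '    proxy-type reverse' '}'; }
sample_socks() { printf '%s\n' 'ltm profile socks My_SOCKS_profile {' \
    '    app-service none' '    defaults-from socks' '    dns-resolver My_DNS_resolver' '}'; }
sample_virtuals() { printf '%s\n' 'ltm virtual vs_web {' '    profiles {' '        http { }' \
    '        tcp { }' '    }' '}' 'ltm virtual vs_proxy {' '    profiles {' '        tcp { }' \
    '        /Common/My_HTTP_explicit_profile { }' '    }' '}' 'ltm virtual vs_socks {' \
    '    profiles {' '        My_SOCKS_profile { }' '        tcp { }' '    }' '}'; }

# Collect the profiles of interest, then list the virtual servers using them.
exposed_virtuals() {
    profiles="$(sample_http | explicit_http_profiles) $(sample_socks | socks_profiles)"
    sample_virtuals | virtuals_using "$profiles"
}

exposed_virtuals
```

To use it on a real system, replace the three sample_ functions with the saved output of the corresponding list commands from the procedures above.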
Supplemental Information
Note: This link takes you to a resource outside of AskF5. The third party could remove the document without our knowledge.
support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html
support.f5.com/kb/en-us/solutions/public/13000/100/sol13123.html
support.f5.com/kb/en-us/solutions/public/4000/600/sol4602.html
support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html
support.f5.com/kb/en-us/solutions/public/9000/500/sol9502.html
support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html
support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html
https://www.first.org/cvss/specification-document