On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before…
Summary
On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and all 12.1.x versions, when the BIG-IP ASM system processes WebSocket requests with JSON payloads, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
What this means
In plain English
On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and all 12.1.x versions, when the BIG-IP ASM system processes WebSocket requests with JSON payloads, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
Vulnerable items
- BIG-IP — F5 BIG-IP provides application delivery, load balancing and network security services.
- Advanced WAF
- ASM
Recommended action
Primary action: update to a vendor-listed fixed release: 16.0.1.1, 15.1.2, 14.1.3.1, 13.1.3.6.
Rewritten locally from the scraped official advisory data above; no generative API is used. The vendor advisory is authoritative.
- 16.0.x
- 15.1.x
- 14.1.x
- 13.1.x
Official advisory · high-confidence parse· fetched 4 days ago·verify at source
- 16.0.1.1
- 15.1.2
- 14.1.3.1
- 13.1.3.6
Official advisory · high-confidence parse· fetched 4 days ago·verify at source
Mitigation
Upgrade to a fixed release: 16.0.1.1, 15.1.2, 14.1.3.1, 13.1.3.6. That is the remediation for this advisory.
The vendor advisory may list additional interim mitigations or workarounds not captured here — review it before change work.
Official advisory · high-confidence parse· fetched 4 days ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.