During key agreement in a TLS handshake using a DH(E) based ciphersuite, a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has ﬁnished. This could be exploited in a Denial Of Service attack.
Update to a ﬁxed version that vendor has released.
For BIG-IP LTM 14.0.0 – 14.1.0, Enterprise Manager, BIG-IQ Centralized Management:
No oﬃcial solution is currently available.
BIG-IP LTM 11.2.1 – 11.6.3, 12.1.0 – 12.1.3, 13.0.0 – 13.1.1:
Update to version 22.214.171.124, 12.1.4, or 126.96.36.199.
BIG-IP AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator: Update to version 188.8.131.52, 12.1.4, or 184.108.40.206