Last Modified: Oct 04, 2024
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4, 15.1.10.5, 16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3, 16.1.5, 16.1.5.1
Fixed In:
17.0.0
Opened: Mar 23, 2021 Severity: 4-Minor
Incorrect number of parameter is shown in the violation details for Max Parameter Protocol Compliance.
Request event displays inaccurate number of parameters: the maximum number, plus 1 (e.g., if you specify 7, the maximum shown will be 8). This occurs because the system stops parsing parameters when the violation is triggered, which occurs when receiving a request with more than the value specified in Max Parameter Protocol. So if you enable the alarm or block flag on requests with 5 parameters, a request with more than 5 parameters will be alarmed/blocked, and the number reported will be 6. If the system receives requests with more than 6 parameters, the number of parameters is still reported as 6.
Alarm or block flag is enabled on Max Parameter Protocol Compliance violation, and the request contains more than the maximum specified.
None
Instead of the number of parameters in the request, now the request event displays the configured max parameter value.