Last Modified: Feb 07, 2024
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
16.1.0, 16.1.1, 16.1.2, 16.1.2.1
Fixed In:
17.0.0, 16.1.2.2, 15.1.5.1
Opened: Apr 05, 2021 Severity: 3-Major
To fulfill "A4 XML External Entities (XXE)", some required signatures need to be enforced. Due to an update in some of those attack signatures names, this section does not find the signatures and by mistake it shows that the signatures are not enforced. Also, when you choose to enforce the required signatures, this section tries to enforce the signatures, but looks for them via the old name, so it does not find them, and can't enforce them.
"A4 XML External Entities (XXE)" Compliance can't be fully compliant.
The attack signatures file is updated with the new names for the XXE signatures. The old names are in use while trying to find and enforce the signatures, but it does not find them and can't enforce them and also can't see if they are already enforced.
N/A
The signature ID is being used instead of signature name, and now it can find them and enforce them if needed.