Last Modified: May 29, 2024
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
14.1.5
Fixed In:
14.1.5.1
Opened: Apr 08, 2022 Severity: 2-Critical
URL parameters that are configured as 'Base64 Decoding' false are still treated as Base64 Encoded values. This leads to reading incorrect parameter values.
A request gets blocked with an attack signature detected, when it should not be. Negative signature check gets skipped or generates false alarms.
Create a parameter, not staged with user-input, alpha-numeric, Base64 values set to False.
None
The system now check to determine whether Base64 is set for the parameter before decoding it.