Last Modified: May 29, 2024
Affected Product(s):
BIG-IP ASM
Fixed In:
17.1.0, 16.1.4, 15.1.9
Opened: May 17, 2022 Severity: 3-Major
Under certain conditions ASM skips signature matching.
Signature matching gets skipped.
Authorization header type is Bearer. - When input contains less than or more than 3 parts of JWT token values. - When base64 decode fails while decoding JWT token.
None
ASM checks for signature matching.