Last Modified: Feb 07, 2024
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
17.0.0.2, 17.0.0.1, 15.1.8.2, 15.1.8.1, 15.1.8, 15.1.7
Fixed In:
17.1.0, 16.1.4, 15.1.9
Opened: Jun 13, 2022 Severity: 3-Major
An "Unparsable request content" violation is detected for valid headers that do not have a space after the header's name ':'.
Requests that are suppose to pass are blocked by the ASM enforcer.
Any header without a space between the colon ':' and the header value will trigger "Unparsable request content". With v14.1.x, there are no affected versions. With v15.1.x, this issue was introduced in 15.1.7 With v16.1.x, there are no affected versions. With v17.0.x, this issue was introduced in 17.0.0.1 With v17.1.x, there are no affected versions.
The client has to send headers with space after ':'.
No "Unparsable request content" violation for headers with space after ':'.