Bug ID 1350141: Duplicate user-defined Signature Set based on Attack Type is created upon policy import during upgrade

Last Modified: Nov 19, 2024

Affected Product(s):
BIG-IP ASM, Install/Upgrade (all modules)

Known Affected Versions:
16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3, 17.0.0, 17.0.0.1, 17.0.0.2, 17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4

Fixed In:
16.1.5

Opened: Sep 08, 2023

Severity: 3-Major

Symptoms

After an upgrade, the user-defined sets attached to a policy are upgraded with an incorrect empty value, instead of a NULL value, in the sig_tag_val field.

Impact

Importing the same policy into the upgraded system creates a duplicate set, and the upgraded set is not used.

Conditions

Before the upgrade, there is a policy that uses a user-defined set based on a filter other than sig_tag_op (so sig_tag_val has a NULL value in the database).

Workaround

You can repair the policy by navigating to “Security ›› Application Security : Policy Building : Learning and Blocking Settings”, clicking “change”, and choosing the originally created sets instead of the duplicated sets. Save, and then apply the policy. The duplicated sets can be deleted after that.

Fix Information

After an upgrade, sig_tag_val has the correct NULL value.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips