Last Modified: Dec 05, 2024
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3, 16.1.5, 16.1.5.1
Fixed In:
17.1.2
Opened: Mar 06, 2024
Severity: 3-Major
URLs lacking a scheme are incorrectly parsed as paths rather than server addresses.
Misconfiguration of URLs leads to false positive blocks. The host authority is parsed as a path.
This occurs when the server URL is configured without the scheme.
This behavior can be corrected by adding the scheme to the server URL:

    openapi: 3.0.0
    info:
      title: Sample API
      version: 1.0.0
    servers:
      - url: https://beta.application-management-test.eset.systems/
    paths:
      /sample_endpoint:
        get:
          summary: Create a new entry
          description: Endpoint to create a new entry with name, age, and date of birth.
          responses:
            '200':
              description: Success response
            '400':
              description: Invalid request payload
None
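A pre-import check for the condition described above, as an added example that is not part of the F5 bug report or of BIG-IP: it flags `servers` entries with no scheme and shows how a generic URL parser splits them. Assumptions: Python's `urlsplit` stands in for the parser, the sample spec and hostnames are constructed, and `https://` is an assumed scheme for the suggested fix.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed sample spec in JSON form (hostnames are placeholders).
SAMPLE_SPEC = json.loads("""
{"openapi": "3.0.0",
 "info": {"title": "Sample API", "version": "1.0.0"},
 "servers": [{"url": "https://api.example.test/"},
             {"url": "api.example.test/v1"},
             {"url": "/v1"}],
 "paths": {}}
""")

# An absolute URL starts with "<scheme>://".
_SCHEME = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://")


def classify_server_url(url):
    """Return 'absolute', 'relative' or 'missing-scheme' for a servers[].url."""
    if _SCHEME.match(url):
        return "absolute"
    if url.startswith("/"):
        return "relative"        # relative server URL, allowed by OpenAPI 3.0
    return "missing-scheme"      # host authority would be read as a path


def lint_servers(spec):
    """List scheme-less server URLs and how a generic parser splits them."""
    findings = []
    for index, server in enumerate(spec.get("servers", [])):
        url = server.get("url", "")
        if classify_server_url(url) != "missing-scheme":
            continue
        parts = urlsplit(url)
        findings.append({
            "index": index,
            "url": url,
            "parsed_host": parts.netloc,   # empty: no authority recognised
            "parsed_path": parts.path,     # the hostname lands in the path
            "suggested": "https://" + url,  # assumed scheme; confirm per API
        })
    return findings


if __name__ == "__main__":
    for finding in lint_servers(SAMPLE_SPEC):
        print(finding)
```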