Bug ID 1558581: Host authority sub component not parsed properly

Last Modified: Dec 05, 2024

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3, 16.1.5, 16.1.5.1

Fixed In:
17.1.2

Opened: Mar 06, 2024

Severity: 3-Major

Symptoms

URLs lacking a scheme are incorrectly parsed as paths rather than server addresses.

Impact

Misconfiguration of URLs leads to false positive blocks. The host authority is parsed as a path.

Conditions

This occurs when the server URL is configured without the scheme.

Workaround

This behavior can be corrected by adding scheme openapi: 3.0.0 info: title: Sample API version: 1.0.0 servers: - url: https://beta.application-management-test.eset.systems/ paths: /sample_endpoint: get: summary: Create a new entry description: Endpoint to create a new entry with name, age, and date of birth. responses: '200': description: Success response '400': description: Invalid request payload

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips