Bug ID 1628329: The SSRF - FQDN segment with digits only is considered invalid by mistake

Last Modified: Feb 28, 2025

Affected Product(s):
BIG-IP ASM (all modules)

Fixed In:
17.5.0, 17.1.2

Opened: Aug 15, 2024

Severity: 4-Minor

Symptoms

The hostname validation incorrectly requires at least one letter in each segment of an FQDN, so a segment made up only of digits is rejected. However, each FQDN segment may contain any combination of letters, digits, and hyphens.

Impact

The request is blocked due to an “Illegal parameter data type” violation.

Conditions

- The "Illegal parameter data type" violation is enabled.
- A parameter is added with the 'uri' data type.
- A request is sent in which the parameter configured with the uri data type has a value, such as "abc.123.co.in.us:80", with segments containing only digits.

Workaround

None

Fix Information

The request passes with no violations.
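
The rule described under Symptoms and its corrected form, as an added Python example (not F5 code; the regular expressions and function names are assumptions that model the described behaviour). It goes one step beyond the report by classifying IPv4 literals separately, since a dotted value made only of digits is an address rather than an FQDN.

```python
import ipaddress
import re

# One DNS label per RFC 1123: letters, digits, hyphens, 1-63 chars,
# no leading or trailing hyphen.
LDH = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
RELAXED_LABEL = re.compile(LDH)                     # digits-only label allowed
STRICT_LABEL = re.compile(r"(?=.*[A-Za-z])" + LDH)  # models the bug: a letter is required


def split_host_port(value):
    """Return (host, port) for 'host[:port]'; port is None when absent."""
    host, sep, port = value.rpartition(":")
    if not sep:
        return value, None
    if not (port.isascii() and port.isdigit() and 0 < int(port) <= 65535):
        raise ValueError(f"bad port in {value!r}")
    return host, int(port)


def rejected_labels(host, label_re):
    """List the labels of a host (no port) that the given rule refuses."""
    return [label for label in host.split(".") if not label_re.fullmatch(label)]


def classify(value, label_re=RELAXED_LABEL):
    """Classify the host part of 'host[:port]' as 'ipv4', 'fqdn' or 'invalid'."""
    try:
        host, _ = split_host_port(value)
    except ValueError:
        return "invalid"
    try:
        ipaddress.IPv4Address(host)
        return "ipv4"  # address literal: check it as an address, not a name
    except ValueError:
        pass
    if len(host) > 253 or rejected_labels(host, label_re):
        return "invalid"
    return "fqdn"


if __name__ == "__main__":
    sample = "abc.123.co.in.us:80"  # value from the Conditions section
    host, _ = split_host_port(sample)
    print(rejected_labels(host, STRICT_LABEL), classify(sample, STRICT_LABEL))
    print(rejected_labels(host, RELAXED_LABEL), classify(sample))
```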

Behavior Change
