Last Modified: Jul 13, 2024
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1
Fixed In:
15.1.0
Opened: Sep 22, 2015 Severity: 4-Minor
ASM restarts and bd generates a core.
ASM traffic disrupted while bd restarts.
Logging Format : Comma-Separated Values Storage Format : User-Defined And give format string like what is mentioned in Splunk document - https://docs.splunk.com/Documentation/AddOns/released/F5BIGIP/Setup "f5_asm=Splunk-F5-ASM,attack_type=%attack_type%,blocking_exception_reason=%blocking_exception_reason%,client_type=%client_type%,credential_stuffing_lookup_result=%credential_stuffing_lookup_result%,date_time=%date_time%,dest_ip=%dest_ip%,dest_port=%dest_port%,device_id=%device_id%,enforced_by=%enforced_by%,enforcement_action=%enforcement_action%,epoch_time=%epoch_time%,geo_info=%geo_location%,headers=%headers%,http_class=%http_class_name%,ip_addr_intelli=%ip_address_intelligence%,ip_client=%ip_client%,ip_route_domain=%ip_with_route_domain%,is_trunct=%is_truncated%,login_result=%login_result%,manage_ip_addr=%management_ip_address%,method=%method%,mobile_application_name=%mobile_application_name%,mobile_application_version=%mobile_application_version%,policy_apply_date=%policy_apply_date%,policy_name=%policy_name%,protocol=%protocol%,protocol_info=%protocol_info%,query_str=%query_string%,req=%request%,req_status=%request_status% ...snip..." Once the virtual server receives a request and bd tries to generate remote log message, bd crashes.
Use items available in "Available Items" only.
UI validates the storage-format string and rejects if it has an error.