Bug ID 888285: Sensitive positional parameter not masked in 'Referer' header value

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Fixed In:
16.0.0, 15.1.1, 14.1.2.8

Opened: Mar 08, 2020

Severity: 3-Major

Related Article: K18304067

Symptoms

When the URI and 'Referer' header share the same positional parameter, the 'Referer' positional parameter is not masked in logs.

Impact

'Referer' header positional parameter value is not masked in logs.

Conditions

Sending a request with positional parameter in URI and 'Referer' header.

Workaround

None.

Fix Information

'Referer' positional parameter value is masked as expected.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips