Bug ID 984449: Unnecessary swagger validation violation may raise due to behavioral WAF parameter traps that have identical name

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP ASM (all modules)

Fixed In:
17.0.0

Opened: Jan 17, 2021

Severity: 4-Minor

Symptoms

An unnecessary swagger validation violation may be raised for an illegal parameter that is actually a parameter trap injected by ASM, which the enforcer failed to ignore. Only one of these parameter traps is ignored (enforcement is avoided for it). The expected behavior is to avoid enforcement for both parameter traps.

Impact

An unnecessary swagger validation violation may be raised for one of these parameter traps and the request may be blocked, instead of swagger enforcement being ignored for both parameter traps.

Conditions

The security team provides 2 traps of type parameter with an identical name but different values. In addition, one of these parameter traps was injected by ASM into the web page.

Workaround

None.

Fix Information

Enforcement is avoided for each of the parameter traps that share the same name, and no violation appears for these parameter traps.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips