Bug ID 1038733: Attack signature not detected for unsupported authorization types.

Last Modified: Dec 07, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Fixed In:
17.0.0,,,, 13.1.5

Opened: Aug 05, 2021

Severity: 3-Major


ASM does not detect an Unsupported Bearer authorization type that contains header value in base64 format.


ASM does not raise a violation and does not block the request.


HTTP Request containing Bearer Authorization header which contain a matching signature in base64 encoded format.



Fix Information

ASM decodes base64 value in Bearer Authorization header and perform attack signature matching, raises violation and block request if it contains attack.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips