Bug ID 1038733: Attack signature not detected for unsupported authorization types.

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP ASM(all modules)

Fixed In:
17.0.0, 16.1.2.2, 15.1.5.1, 14.1.4.6, 13.1.5

Opened: Aug 05, 2021

Severity: 3-Major

Symptoms

ASM does not detect an Unsupported Bearer authorization type that contains header value in base64 format.

Impact

ASM does not raise a violation and does not block the request.

Conditions

HTTP Request containing Bearer Authorization header which contain a matching signature in base64 encoded format.

Workaround

N/A

Fix Information

ASM decodes base64 value in Bearer Authorization header and perform attack signature matching, raises violation and block request if it contains attack.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips