Bug ID 1038733: Attack signature not detected for unsupported authorization types.

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
13.1.0,,,,,,,,, 13.1.1,,,,, 13.1.3,,,,,,, 13.1.4,, 14.1.0,,,,,, 14.1.2,,,,,,,,, 14.1.3,, 14.1.4,,,,,, 15.1.0,,,,,, 15.1.1, 15.1.2,, 15.1.3,, 15.1.4,, 15.1.5, 16.1.0, 16.1.1, 16.1.2,

Fixed In:
17.0.0,,,, 13.1.5

Opened: Aug 05, 2021
Severity: 3-Major


ASM does not detect an Unsupported Bearer authorization type that contains header value in base64 format.


ASM does not raise a violation and does not block the request.


HTTP Request containing Bearer Authorization header which contain a matching signature in base64 encoded format.



Fix Information

ASM decodes base64 value in Bearer Authorization header and perform attack signature matching, raises violation and block request if it contains attack.

Behavior Change