Bug ID 1043205

Bug Tracker
ID 1043205

Bug ID 1043205: SSRF Violation should be shown as a Parameter Entity Reference.

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
17.0.0, 17.0.0.1, 17.0.0.2

Fixed In:
16.1.2.1

Opened: Aug 27, 2021

Severity: 3-Major

Symptoms

SSRF Violation is shown as a URL Entity Reference instead of a Parameter Entity Reference.

Impact

Wrong Entity Reference in the SSRF violation is misleading.

Conditions

- Create a URI data type parameter - Add a host to the SSRF Host List - Send traffic which contains the URI parameter with the value configured in the SSRF Host List

Workaround

N/A

Fix Information

Corrected the Entity reference as a parameter instead of a URL in the SSRF violation.

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips