Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
17.0.0, 17.0.0.1, 17.0.0.2
Fixed In:
16.1.2.1
Opened: Aug 27, 2021
Severity: 3-Major
SSRF Violation is shown as a URL Entity Reference instead of a Parameter Entity Reference.
The wrong Entity Reference in the SSRF violation is misleading.
- Create a URI data type parameter
- Add a host to the SSRF Host List
- Send traffic which contains the URI parameter with the value configured in the SSRF Host List
N/A
The Entity Reference in the SSRF violation is now shown as a parameter instead of a URL.