Bug ID 1043205: SSRF Violation should be shown as a Parameter Entity Reference.

Last Modified: Jun 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
16.1.0, 16.1.1, 16.1.2, 17.0.0

Fixed In:
16.1.2.1

Opened: Aug 27, 2021
Severity: 3-Major

Symptoms

SSRF Violation is shown as a URL Entity Reference instead of a Parameter Entity Reference.

Impact

Wrong Entity Reference in the SSRF violation is misleading.

Conditions

- Create a URI data type parameter - Add a host to the SSRF Host List - Send traffic which contains the URI parameter with the value configured in the SSRF Host List

Workaround

N/A

Fix Information

Corrected the Entity reference as a parameter instead of a URL in the SSRF violation.

Behavior Change