Bug ID 1057557: Exported policy has greater-than sign '>' not escaped to '&gt;' with response_html_code tag.

Last Modified: May 09, 2023

Affected Product(s):
BIG-IP ASM (all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.4, 12.1.5, 12.1.6, 13.1.0, 13.1.1, 13.1.3, 13.1.4, 13.1.5, 14.1.0, 14.1.2, 14.1.3, 14.1.4, 14.1.5, 15.1.0, 15.1.1, 15.1.2, 15.1.3, 15.1.4, 15.1.5, 15.1.6, 15.1.7, 15.1.8, 16.1.0, 16.1.1, 16.1.2, 16.1.3

Opened: Oct 26, 2021

Severity: 3-Major


The greater-than sign '>' is not escaped (converted to '&gt;') inside the response_html_code tag. An unescaped greater-than sign causes problems when re-importing the policy only if it appears in the specific sequence ']]>'. If the greater-than sign does not appear in that sequence, you can re-import the policy without problem. The sequence can occur with a custom response page configuration: if you modify the custom response page so that it contains the characters ']]>', the greater-than sign is not escaped because of this bug, and the exported policy contains ']]>' as is. Note: the exported text should be ']]&gt;'. In XML, ']]>' is the CDATA end delimiter and is not allowed. The exported policy causes a parser error and cannot be re-imported.
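
The parser behaviour described above, as an added example (not F5 code): Python's expat-based XML parser rejects ']]>' in element text and accepts the same content once '>' is escaped. The <policy> wrapper, the page body and the function names are constructed for illustration; only the response_html_code tag name and the ']]>' sequence come from this bug report.

```python
import xml.etree.ElementTree as ET

# Constructed custom response page body that happens to contain ']]>'.
PAGE_BODY = "<script>var a = [[1]]>0;</script>"


def export_fragment(body, escape_gt):
    """Build a minimal exported-policy fragment (layout is an assumption).

    '&' and '<' are always escaped; '>' is escaped only when escape_gt is
    True, which models the corrected export. escape_gt=False models the bug.
    """
    text = body.replace("&", "&amp;").replace("<", "&lt;")
    if escape_gt:
        text = text.replace(">", "&gt;")
    return ("<policy><response_html_code>%s</response_html_code></policy>"
            % text)


def try_import(xml_text):
    """Parse the fragment the way a re-import would have to.

    Returns (True, decoded page body) on success, or
    (False, (line, column)) locating the parser error on failure.
    """
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return False, exc.position
    return True, root.findtext("response_html_code")


if __name__ == "__main__":
    for label, flag in (("buggy export", False), ("escaped export", True)):
        ok, detail = try_import(export_fragment(PAGE_BODY, flag))
        print("%-15s ok=%s detail=%r" % (label, ok, detail))
    # An unescaped '>' outside the ']]>' sequence still parses.
    print(try_import(export_fragment("<b>blocked</b>", False)))
```

Running try_import against a real exported policy file before attempting the re-import shows the line and column of the offending sequence.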


The exported policy cannot be re-imported.


This issue occurs if you modify the default custom response page so that it contains the specific character sequence ']]>'.


This workaround forces the greater-than sign to be escaped to '&gt;' so that the policy can be re-imported without problem.

- make /usr writable
  # mount -o remount,rw /usr
- back up the file
  # cp /usr/local/share/perl5/F5/ExportPolicy/XML.pm /usr/local/share/perl5/F5/ExportPolicy/XML.pm.orig
- check that this line exists
  # grep "gt;" /usr/local/share/perl5/F5/ExportPolicy/XML.pm
  $xml =~ s/&gt;/>/g;
- delete the line and verify
  # sed -i '/$xml =~ s\/&gt;.*/d' /usr/local/share/perl5/F5/ExportPolicy/XML.pm
- the line should no longer be shown
  # grep "gt;" /usr/local/share/perl5/F5/ExportPolicy/XML.pm
- remount /usr read-only
  # mount -o remount,ro /usr
- put the change into effect
  # pkill -f asm_config_server

Fix Information


Behavior Change


