Bug ID 1070833: False positives on FileUpload parameters due to default signature scanning

Last Modified: Aug 23, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2

Fixed In:
16.1.3, 15.1.6.1

Opened: Dec 30, 2021
Severity: 3-Major

Symptoms

False positives on FileUpload parameters due to signature scanning by default

Impact

False positives and ineffective resource utilization

Conditions

A request containing binary content is sent in "FileUpload" type parameters

Workaround

Disable signature scanning on "FileUpload" parameters manually using GUI/REST.

Fix Information

Default signature scanning is disabled for FileUpload parameters created using OpenAPI to reduce false positives on binary content.

Behavior Change