Bug ID 1088849: Inconsistent behavior while sending malformed request to /TSbd URLs

Last Modified: Sep 29, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7

Opened: Mar 22, 2022
Severity: 3-Major

Symptoms

When the BIG-IP system receives crafted/malformed requests to fictive /TSbd URLs, the BIG-IP system behaves in three different ways: -- Displaying a default response page with Support ID -- Reset the connection -- Displaying an alternative response page, e.g. 'Leaked Credentials Detected' OR 'Login Failed').

Impact

Inconsistent behavior for malformed /TSbd fictive URLs.

Conditions

Use malformed /TSbd URLs.

Workaround

None

Fix Information

None

Behavior Change