Bug ID 1092965: Disabled "Illegal Base64 value" violation is detect for staged base64 parameter with attack signature in value

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP ASM(all modules)

Fixed In:
17.1.0, 16.1.4, 15.1.9

Opened: Mar 31, 2022

Severity: 3-Major

Symptoms

An "Illegal Base64 value" violation will be reported for a staged parameter even though Alarm/Blocking/Learning is disabled for this violation.

Impact

The violation "Illegal Base64 value" is reported.

Conditions

- A parameter has to be set to staging mode with base64 decoding. - The Alarm/Blocking/Learning flags has to be disabled for the violation "Illegal Base64 value". - The incoming request has to have the defined parameter in QS with an attack signature that is not base64 encoded in the parameter value.

Workaround

None

Fix Information

The violation "Illegal Base64 value" is not reported if Alarm/Blocking/Learning flags are disabled.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips