Bug ID 1096477: Parameter set as non-Base64 encoded value is treated as a Base64 encoded value

Last Modified: Oct 19, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:

Fixed In:

Opened: Apr 08, 2022
Severity: 2-Critical


URL parameters that are configured as 'Base64 Decoding' false are still treated as Base64 Encoded values. This leads to reading incorrect parameter values.


A request gets blocked with an attack signature detected, when it should not be. Negative signature check gets skipped or generates false alarms.


Create a parameter, not staged with user-input, alpha-numeric, Base64 values set to False.



Fix Information

The system now check to determine whether Base64 is set for the parameter before decoding it.

Behavior Change