Last Modified: Mar 26, 2023
Affected Product(s):
BIG-IP ASM
Fixed In:
17.1.0
Opened: Jun 19, 2022 Severity: 3-Major
Incoming requests with path parameters in the URI that cause "Trailing Slash" evasion sub-violation might be reported without buffer details in the remote logger and the GUI violation details.
The buffer reported in violation details is masked with asterisks "*****" while the buffer in the remote logger is missing.
In terms of configurations, "Trailing Slash" and "Trailing Dot" must be enabled in the policy builder, with the addition of "Handle Path Parameters" set to "As Parameters" in the policy. In terms of incoming requests, the URI has to contain path parameters.
None
For violation details and remote logger, the reported evasion sub-violation will have a buffer with value "N/A".