Bug ID 1186661: The security policy JSON profile created from OpenAPI file should have value "any" for its defense attributes

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP ASM (all modules)

Known Affected Versions:
16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3, 17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3

Opened: Nov 07, 2022

Severity: 3-Major

Symptoms

The JSON profile of a security policy created from an OpenAPI file has the defense attributes required for JSON content validation. These defense attributes are created with default values specific to each attribute. The default values can be incorrect, so by default the JSON defense attributes should not be enforced and should have the value "any".

Impact

A security policy created from an OpenAPI file may enforce some requests with JSON content even though the OpenAPI file did not require it.
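
The following check is an added example, not F5 code and not part of the original bug record. It lists the JSON profiles in an exported policy whose defense attributes are set to something other than "any". The attribute names are assumed to follow the BIG-IP declarative WAF policy JSON layout; the sample export, its profile names and its numbers are constructed.

```python
import json

# Attribute names follow the BIG-IP declarative WAF policy JSON export
# (an assumption here: the bug record does not list them).
LIMIT_KEYS = (
    "maximumArrayLength",
    "maximumStructureDepth",
    "maximumTotalLengthOfJSONData",
    "maximumValueLength",
)
ABSENT = "<absent>"  # marker used by this example only


def enforced_json_limits(policy_doc):
    """Map profile name -> defense attributes whose value is not "any"."""
    policy = policy_doc.get("policy", policy_doc)  # accept wrapped or bare policy
    findings = {}
    for profile in policy.get("json-profiles", []):
        attrs = profile.get("defenseAttributes") or {}
        flagged = {}
        for key in LIMIT_KEYS:
            value = attrs.get(key, ABSENT)
            if not (isinstance(value, str) and value.lower() == "any"):
                flagged[key] = value
        if flagged:
            findings[profile.get("name", "<unnamed>")] = flagged
    return findings


# Constructed sample export; profile names and numbers are made up.
SAMPLE_EXPORT = """
{"policy": {"name": "example_openapi_policy", "json-profiles": [
  {"name": "Default", "defenseAttributes": {
     "maximumArrayLength": "any", "maximumStructureDepth": "any",
     "maximumTotalLengthOfJSONData": "any", "maximumValueLength": "any"}},
  {"name": "example_generated_profile", "defenseAttributes": {
     "maximumArrayLength": 1000, "maximumStructureDepth": 10,
     "maximumTotalLengthOfJSONData": "any"}}
]}}
"""


def audit(text):
    return enforced_json_limits(json.loads(text))


if __name__ == "__main__":
    for name, attrs in audit(SAMPLE_EXPORT).items():
        for key, value in attrs.items():
            print(f"{name}: {key} = {value!r} (expected 'any')")
```

Attributes missing from the export are reported as well, so that a value left to the product default is reviewed rather than assumed to be "any".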

Conditions

- Creating a JSON profile from an OpenAPI file.

Workaround

None

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips