Bug ID 1377621: Attack signature in an invalid base64 string is not detected in headers and cookies

Last Modified: Apr 28, 2025

Affected Product(s):
BIG-IP ASM(all modules)

Fixed In:
17.5.0

Opened: Oct 10, 2023

Severity: 3-Major

Symptoms

Invalid base64 string is not decoded

Impact

Attack signature is not detected

Conditions

Base64 decoding set to enabled/required for headers and cookies

Workaround

None

Fix Information

Invalid base64 string is decoded and attack signature is detected

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips