Bug ID 1576653: Value of csrftoken is mistakenly classified as valid Base64

Last Modified: Apr 04, 2025

Affected Product(s):
BIG-IP ASM(all modules)

Fixed In:
17.5.0

Opened: Apr 09, 2024

Severity: 3-Major

Symptoms

A specific csrftoken value bypasses the signature check

Impact

Request is not blocked leading to a false negative

Conditions

- ASM policy with "All Signatures" set exists - Request is sent with a specific csrftoken value

Workaround

None

Fix Information

Request is blocked as expected

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips